From 6ae880b214eb9957e8a816b013970d9037a6170a Mon Sep 17 00:00:00 2001
From: Alexander Skvortsov <38059171+askvortsov1@users.noreply.github.com>
Date: Fri, 16 Apr 2021 15:53:05 -0400
Subject: [PATCH] Drop session from user class (#2790)

This was originally introduced in https://github.com/flarum/core/commit/d87583d0ef3bc462377b939bdc5e72a29727edda, but has not seen usage, since usually when the session needs to be modified, the request is available.

It causes issues with certain queue drivers, as it can't be serialized.

It's also not entirely accurate, as a user can have multiple sessions at once. Therefore, a given session is a property of the request, not of the user.

The reason this causes issues in the Queue is that when a Job has payload that consists User(s), the Queue will try to serialize that. Serializing the User object will require serializing the session too; this causes a Serialization of Closure is not allowed error, see image.

One can circumvent that in many ways, the most obvious one is adding a __sleep and __wakeup implementation in the User class (or the session handler). But as we aren't really using the session on the User model anywhere in core, bundled or most community extensions it is best to simply detach this from the user.
---
 .../Middleware/AuthenticateWithSession.php    |  2 --
 framework/core/src/User/User.php              | 22 -------------------
 2 files changed, 24 deletions(-)

diff --git a/framework/core/src/Http/Middleware/AuthenticateWithSession.php b/framework/core/src/Http/Middleware/AuthenticateWithSession.php
index 3ef52c495..d4d5fbe06 100644
--- a/framework/core/src/Http/Middleware/AuthenticateWithSession.php
+++ b/framework/core/src/Http/Middleware/AuthenticateWithSession.php
@@ -26,8 +26,6 @@ class AuthenticateWithSession implements Middleware
 
         $actor = $this->getActor($session, $request);
 
-        $actor->setSession($session);
-
         $request = RequestUtil::withActor($request, $actor);
 
         return $handler->handle($request);
diff --git a/framework/core/src/User/User.php b/framework/core/src/User/User.php
index 6356f743a..110f5d2e3 100644
--- a/framework/core/src/User/User.php
+++ b/framework/core/src/User/User.php
@@ -33,7 +33,6 @@ use Flarum\User\Event\Renamed;
 use Flarum\User\Exception\NotAuthenticatedException;
 use Flarum\User\Exception\PermissionDeniedException;
 use Illuminate\Contracts\Hashing\Hasher;
-use Illuminate\Contracts\Session\Session;
 use Illuminate\Support\Arr;
 
 /**
@@ -76,11 +75,6 @@ class User extends AbstractModel
      */
     protected $permissions = null;
 
-    /**
-     * @var Session
-     */
-    protected $session;
-
     /**
      * An array of callables, through each of which the user's list of groups is passed
      * before being returned.
@@ -786,22 +780,6 @@ class User extends AbstractModel
         return ! $this->can($ability, $arguments);
     }
 
-    /**
-     * @return Session
-     */
-    public function getSession()
-    {
-        return $this->session;
-    }
-
-    /**
-     * @param Session $session
-     */
-    public function setSession(Session $session)
-    {
-        $this->session = $session;
-    }
-
     /**
      * Set the hasher with which to hash passwords.
      *