Symfony 5 does not handle session configuration from framework.yaml file

I have 4 framework files:

/config/framework.yaml:

framework:
  csrf_protection: true

  session:
    # enables the support of sessions in the app
    enabled: true
    # ID of the service used for session storage.
    # NULL means that Symfony uses PHP default session mechanism
    handler_id: Symfo/blnyComponentHttpFoundationSessionStorageHandlerRedisSessionHandler
    # improves the security of the cookies used for sessions
    cookie_secure: true
    cookie_lifetime: 172800
    cookie_httponly: true
    cookie_samesite: 'strict'

/config/package/framework.yaml

# see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
    secret: '%env(APP_SECRET)%'
    csrf_protection: true
    #http_method_override: true

    # Enables session support. Note that the session will ONLY be started if you read or write from it.
    # Remove or comment this section to explicitly disable session support.
    session:
        handler_id: SymfonyComponentHttpFoundationSessionStorageHandlerRedisSessionHandler
        cookie_secure: true
        cookie_lifetime: 172800
        cookie_httponly: true
        cookie_samesite: 'strict'

    #esi: true
    #fragments: true
    php_errors:
        log: true

configroutesdevframework.yaml

_errors:
    resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
    prefix: /_error

and /config/packages/test/framework.yaml

framework:
    test: true
    session:
        storage_id: session.storage.mock_file

I see cookie settings and session handler are not used: for example created cookies have a wrong lifetime and sessions are not stored in Redis.

I checked app status by executing bin/console config:dump-reference framework command and I see the defined config is not there:

    session:
        enabled:              false
        storage_id:           session.storage.native
        handler_id:           session.handler.native_file
        name:                 ~
        cookie_lifetime:      ~
        cookie_path:          ~
        cookie_domain:        ~
        cookie_secure:        ~ # One of true; false; "auto"
        cookie_httponly:      true
        cookie_samesite:      null # One of null; "lax"; "strict"; "none"
        use_cookies:          ~
        gc_divisor:           ~
        gc_probability:       1
        gc_maxlifetime:       ~
        save_path:            '%kernel.cache_dir%/sessions'

        # seconds to wait between 2 session metadata updates
        metadata_update_threshold: 0
        sid_length:           ~
        sid_bits_per_character: ~

Why?
How to fix that?

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *