Quick context:
Application on Symfony 6.4, Api Platform, Lexik JWT Bundle, very basic (CRUD-type) - almost default configuration.
Once deployed in production mode, my app started to behave oddly: mainly, my JWT-signed endpoints for secure file downloads started to return 403s, but only when several were called at once.
Everything was fine on dev builds (docker target frankenphp_dev), but once I built on frankenphp_prod it randomly returned 403s. If I hit refresh, sometimes it did load! I'd hit it again - 403. On the other hand, once the container was restarted, if I refreshed only a single file, it loaded fine every single time, 20/20. But once I tried to load multiple files, the random 403s were back.
This happens only on production build, took me a couple of hours to figure it out as this is my first impression of FrankenPHP.
I use a stateless firewall with Lexik JWT Bundle, and this specific endpoint uses a custom authenticator to resolve the user from a JWT token provided as a query parameter. Basically, this endpoint handles signed URLs for downloading or displaying a file. Every request has its own username and file id combo stored in the JWT payload; if the JWT signature is valid, the user gets instantiated with two properties: username and file_id (and no USER_ROLE, so that the JWT cannot be used for anything other than file download).
I have a #[IsGranted()] on the controller's endpoint with a complementary Voter that fetches the current user instance from Security::getToken()->getUser(), checks if the user is that special class instance and, if it is, compares the file_id of the request with the file_id stored in the token's payload. This works flawlessly on dev builds and during tests.
In FrankenPHP's worker mode, sometimes these two file_ids do not match. It is not the frontend part mixing stuff up, as you can hit F5 a couple of times and get different results for the exact same request and JWT token.
I figured these have to be related to TokenStorage not being reset between requests. But since I am very new to FrankenPHP and especially worker mode, I might just be stupid and need some guidance 😅
Shouldn't Franken's runner call service_resetter after every request, since normally the Kernel does it only on boot()?
Build Type
Docker (Debian Bookworm)
Worker Mode
Yes
Operating System
GNU/Linux
CPU Architecture
x86_64
PHP configuration
Relevant log output
No response
The Symfony Runtime for FrankenPHP does call the reset method of the kernel between each request. This is most likely a service with a global state (in your app or in a 3rd party bundle such as LexikJWT) that doesn't implement the ResetInterface to clean up this global state, while it should.
Forgive my ignorance, but I couldn't find anything that resets the kernel between requests. Only a call to terminate() but this method only dispatches a terminate event.
I have run my app in dev env on worker mode and got this curious access decision log from one of the failed requests:
My application has a total of 3 controllers - one for downloading "public" files, one for downloading "private" files, one for redirecting / to /ui as the frontend is served from static files.
How come a single request checks 3 times if the user is authenticated fully, three times checks for file download permission (see different object instances - different files) and checks once for an entity that is not even a file? This voter runs only for files and requests that have _authToken query parameter.
I have added the code below to the do loop in Runner.php, just before gc_collect_cycles(), and the issue is gone. How can a bundle or other service hold profiler collector state to share between requests?
Are you talking about this Runner.php? It looks like the runtime is somehow not executing correctly or maybe your Kernel doesn't implement the Terminable Interface, I think it should though for Symfony 6.4.
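The failure mode discussed in this thread (a service keeping per-request state inside a long-running worker, and the between-request reset that clears it), as an added example that is not code from the issue, FrankenPHP, Symfony or LexikJWT. `DownloadUser`, `CurrentUserCache`, `ResettableCurrentUserCache` and `serve()` are hypothetical names, and the local `ResetInterface` is a stand-in for `Symfony\Contracts\Service\ResetInterface` so the script runs without Composer.

```php
<?php
declare(strict_types=1);

// Local stand-in for Symfony\Contracts\Service\ResetInterface (assumption: no Composer here).
interface ResetInterface { public function reset(): void; }

// Hypothetical per-request identity carried by a signed download URL.
final class DownloadUser {
    public function __construct(public readonly string $username, public readonly int $fileId) {}
}

// Hypothetical service that memoizes the current user. Harmless when every
// request gets a fresh process, stale when one worker serves many requests.
class CurrentUserCache {
    protected ?DownloadUser $user = null;

    public function resolve(DownloadUser $fromToken): DownloadUser {
        return $this->user ??= $fromToken; // first request wins until reset
    }
}

// Same service, but it declares how to drop its per-request state.
final class ResettableCurrentUserCache extends CurrentUserCache implements ResetInterface {
    public function reset(): void { $this->user = null; }
}

// Simulated worker loop: one service instance handles every request.
function serve(CurrentUserCache $cache, array $requests): array {
    $statuses = [];
    foreach ($requests as [$username, $tokenFileId, $requestedFileId]) {
        $user = $cache->resolve(new DownloadUser($username, $tokenFileId));
        // Voter-style check: file_id from the JWT payload must equal the requested file.
        $statuses[] = $user->fileId === $requestedFileId ? 200 : 403;
        if ($cache instanceof ResetInterface) {
            $cache->reset(); // stands in for the between-request service reset
        }
    }
    return $statuses;
}

// Constructed sample requests: [username, file_id in token, file_id in URL].
$requests = [['alice', 1, 1], ['alice', 2, 2], ['bob', 3, 3]];

echo 'without reset: ', implode(',', serve(new CurrentUserCache(), $requests)), PHP_EOL;
echo 'with reset:    ', implode(',', serve(new ResettableCurrentUserCache(), $requests)), PHP_EOL;
```

In this sketch the stale state fails closed (403) only because each request asks for a different file; a request for the cached file_id would be authorized under the previous request's identity, which is why per-request state in worker mode is an authorization concern and not just a reliability one.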