Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Symfony PdoSessionHandler + Doctrine: Property $sessId is never written, only read. #575

Open
Adambean opened this issue Jun 8, 2024 · 3 comments
Open

Symfony PdoSessionHandler + Doctrine: Property $sessId is never written, only read. #575

Adambean opened this issue Jun 8, 2024 · 3 comments

Comments

@Adambean
Copy link

Adambean commented Jun 8, 2024

Very closely related: #229

If you have an entity class to handle PDO based Symfony sessions (Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler) the $sessId property will cause PHPStan to think that property $sessId is never written, only read. The purpose of having an entity class is to add extra properties in a session row, such as a link to a user entity, an IP address, browser user agent string, etc.

The Doctrine object manager loader ("tests/object-manager.php") does not solve this problem because the session ID does not use a Doctrine managed primary key generator. (This is identical to the PHP generated session ID.)

Example:

class Session
{
    /** @var resource $sessId */
    #[ORM\Column(name: "sess_id", type: DBALTypes::BINARY, length: 128, unique: true, nullable: false)]
    #[ORM\Id]
    #[ORM\GeneratedValue(strategy: "NONE")]
    private $sessId;
}

Is it possible to mark variable $sessId as read-only without ignoring the error globally? I don't think @property-read will be suitable here as this still requires a getSessId() method to read it.
@Adambean Adambean changed the title Symfony PdoSessionHandler: Property $sessId is never written, only read. Symfony PdoSessionHandler + Doctrine: Property $sessId is never written, only read. Jun 8, 2024
@ondrejmirtes
Copy link
Member

So this is always just a single class in the project? Where is the class name setting stored? How can we detect which class is that?

@Adambean
Copy link
Author

Adambean commented Jun 9, 2024

The class name is arbitrary to the project, and it's not really configured as such in the project either. It just exists as a Doctrine entity class like any other in userland. Typically we'd be guided to make our sessions table manually with pre-provided SQL, however declaring it as an entity class instead makes sense to allow for userland extensions to it.

What's going on here is that the underlying Symfony PDO session handler is using the same PDO DSN as Doctrine does in userland. (This appears to be the default recommendation.) There are configuration options here to determine the name of the table (usually "sessions") and the column name containing the read-only session ID "db_id_col" (usually "sess_id") though this likely extends beyond the scope of PHPStan, plus it doesn't bare any resemblance to a particular arbitrary entity class in userland.

I guess what I'm somewhat after is a feature akin to @var-read.

@ondrejmirtes
Copy link
Member

Or you can just ignore this one instance of an error https://phpstan.org/user-guide/ignoring-errors 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ondrejmirtes @Adambean