Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow sessions to file. fixes #2001, #2186 and refs #3454 #3522

Merged
merged 7 commits into from
Apr 6, 2017
Merged

allow sessions to file. fixes #2001, #2186 and refs #3454 #3522

merged 7 commits into from
Apr 6, 2017

Conversation

craigh
Copy link
Member

@craigh craigh commented Apr 5, 2017
edited
Loading

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Fixed tickets fixes #2001, #2186
Refs tickets #3454
License MIT
Changelog updated yes

@craigh craigh added this to the 1.5.0 milestone Apr 5, 2017
@craigh craigh self-assigned this Apr 5, 2017
@craigh
Copy link
Member Author

craigh commented Apr 5, 2017

hmm - a problem with the CLI invalid csrf ... 🤔 😠

@matthiasnoback - do you know why symfony-console-form is using the tokens? I thought it would ignore them? see https://travis-ci.org/zikula/core/builds/219052481

@craigh
Copy link
Member Author

craigh commented Apr 5, 2017
edited
Loading

well I came up with a sort of hacky fix to the csrf problem when using cli.

@craigh craigh requested a review from Guite April 5, 2017 23:55
Guite
Guite reviewed Apr 6, 2017
View reviewed changes
src/docs/Core-2.0/Session.md Outdated
===================

Sessions can be stored in the Database or in the Filesystem. This choice as well as a few configuration options
can be set in the ZikulaSecurityModule:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo. How about Zikula SecurityCenter module?

Guite
Guite reviewed Apr 6, 2017
View reviewed changes
src/lib/Zikula/Bundle/CoreInstallerBundle/Stage/Install/CompleteStage.php
$request->getSession()->getFlashBag()->add('info', $this->__f(
'Session are currently configured to use the filesystem. It is recommended that you change this to use the database. Click %here% to configure.',
['%here%' => '<a href="' . $router->generate('zikulasecuritycentermodule_config_config') . '">' . $this->__('Security Center') . '</a>']
));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to change it to the database automatically during/after the CompleteStage?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it forces a re-login, so I didn't think that was the best method.

Guite
Guite reviewed Apr 6, 2017
View reviewed changes
Copy link
Member

@Guite Guite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice! Added some minor comments.

@matthiasnoback
Copy link

@craigh Indeed, I thought the csrf_protection was always set to false when using SymfonyConsoleForm. Maybe a newer form version has broken it? Don't know.

@craigh
Copy link
Member Author

craigh commented Apr 6, 2017

@matthiasnoback - we are using an older version of your library with this branch - could that be the cause? Was there anything special with the form classes I was to do?

@matthiasnoback
Copy link

@craigh Honestly, don't know.

@craigh
Copy link
Member Author

craigh commented Apr 6, 2017

@matthiasnoback looks like I just needed to update the library. I was using an older version (v1) because this branch originally was restricted to php >= 5.4, but now it is updated to require php >=5.5 and so I can use v2 of the lib and this fixes the problem.

@craigh craigh merged commit 106a602 into 1.5 Apr 6, 2017
@craigh craigh deleted the sessions branch April 6, 2017 10:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Guite Guite Guite left review comments

Assignees

@craigh craigh

Labels
None yet
Projects
None yet
Milestone
1.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@craigh @matthiasnoback @Guite