Baldinof
commented
1 year ago Normally sessions should work out of the box now with Symfony.
What version of Symfony are you using?
Can you reproduce on a fresh Symfony install?
Open FluffyDiscord opened 1 year ago
Baldinof
commented
1 year ago Normally sessions should work out of the box now with Symfony.
What version of Symfony are you using?
Can you reproduce on a fresh Symfony install?
FluffyDiscord
commented
1 year ago Using symfony 6.3 I have hard time reproducing it on production too, but it does happen as clients reported this multiple times and today that happened to me too
Baldinof
commented
1 year ago Are you using a custom session handler?
FluffyDiscord
commented
1 year ago this is the whole framework.yaml
# see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
http_method_override: false
trusted_proxies: '127.0.0.1/8,REMOTE_ADDR,SERVER_NAME'
trusted_headers: [ 'x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix' ]
secret: '%env(APP_SECRET)%'
handle_all_throwables: true
#csrf_protection: true
#http_method_override: true
# Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support.
session:
storage_factory_id: session.storage.factory.native
handler_id: session.handler.native_file
save_path: '%kernel.project_dir%/sessions/%kernel.environment%'
cookie_secure: auto
cookie_samesite: lax
cookie_lifetime: 31536000 # one year in seconds
#esi: true
#fragments: true
php_errors:
log: true
webspec2012
commented
1 year ago Maybe this is also related to my problem?
Baldinof
commented
1 year ago I'll try to give it some time, it's strange 😬
Baldinof
commented
1 year ago I tried to had a look with no luck.
I tried on a fresh project, using in-memory or doctrine as user storage and everything was working fine (with one or many workers).
Are you able to provide a reproducer repository? I would gladely help as it seems pretty serious but I'm not able to reproduce it on a fresh project.
FluffyDiscord
commented
1 year ago I have added the following middleware, and so far it seems fine. Since the ServicesResetter does not register all services that can be reset (my own, internal symfony's, bundles, eg.) combining it with iterating over the private container services seems to finally work as intended.
<?php
namespace App\RoadRunner\Middleware;
use Baldinof\RoadRunnerBundle\Http\MiddlewareInterface;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\DependencyInjection\ServicesResetter;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Contracts\Service\ResetInterface;
readonly class ServiceReSetterMiddleware implements MiddlewareInterface
{
public function __construct(
#[Autowire("@service_container")]
private ContainerInterface $container,
#[Autowire("@services_resetter")]
private ServicesResetter $servicesResetter,
)
{
}
public function process(Request $request, HttpKernelInterface $next): \Iterator
{
yield $next->handle($request);
$this->servicesResetter->reset();
$ref = new \ReflectionClass($this->container);
$prop = $ref->getProperty("privates");
$services = $prop->getValue($this->container);
foreach ($services as $service) {
if ($service instanceof ResetInterface) {
$service->reset();
}
}
}
}I would live to add reproducer repo, but I cant myself easily reproduce it, it was really random.
In production, the Symfony somehow loads different logged user than myself. This is major bug. I suspect it's because of sessions not being closed/refresh between requests. I remember this bundle having middleware that would deal with that, but it was removed recently and I am not sure why.
I run RR with 16 workers, so worker 1 has logged user A, worker 2 has user B, and when user B get worker 1, it instead loads the worker 1 user and voila, I am in a different user account.
What do I do?