avto-dev / roadrunner-laravel

[ABANDONED] Moved to https://github.com/spiral/roadrunner-laravel
MIT License

Auth available after the end of previous request, leading to uncleared auth #37

Closed oprypkhantc closed 4 years ago

oprypkhantc commented 4 years ago

Given configuration:

- 1 worker
- empty clear_providers
- clear_instances -> auth
- default listeners

If the first request resolves auth, it will be available (resolved) during the next request as well, even before BeforeLoopIterationEvent is fired.

We fixed it by adding session and session.store to clear_instances and disabling ResetSessionListener, as those are singletons holding user-related data and should be "forgotten" in container before processing next request.

The question is: why isn't this the default? Why does ResetSessionListener even exist in the first place? There is also UnqueueCookiesListener, but again, why not just clear cookie instance?

It's not meant to be offensive, I'm just asking in case I missed something :)

oprypkhantc commented 4 years ago

Sorry, spoke too soon. Fixed one problem, caused another one.

oprypkhantc commented 4 years ago

Okay, I found the problem. We've used injection of Guard in middlewares which caused the issue. Obviously, clearing an instance did not help as the old instance was still saved in a property of middleware instance.

I think it would make sense to add documentation, explaining that you should never constructor-inject session, session.store, auth or auth Guard, and instead use method-injection or access them through Request instance.
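
The stale-guard behaviour described in the comment above, as an added example that is not part of the original thread or the project's code. `Container`, `Guard`, both middleware classes and `simulate()` are hypothetical stand-ins written for this illustration, and it assumes the worker builds each middleware object once and reuses it across requests.

```php
<?php
declare(strict_types=1);
// Toy stand-ins (assumptions), not Laravel or roadrunner-laravel classes.
final class Guard { public ?string $user = null; }   // per-request auth state

final class Container                                // lives as long as the worker
{
    private array $instances = [];

    public function make(string $id): object         // shared (singleton) resolution
    {
        return $this->instances[$id] ??= new $id();
    }

    public function forgetInstance(string $id): void // models a clear_instances entry
    {
        unset($this->instances[$id]);
    }
}

final class CtorInjectedMiddleware                   // guard captured once, at construction
{
    public function __construct(private Guard $guard) {}

    public function handle(Container $app): ?string
    {
        return $this->guard->user;                   // reads the captured object
    }
}

final class PerRequestMiddleware                     // guard resolved on every call
{
    public function handle(Container $app): ?string
    {
        return $app->make(Guard::class)->user;       // reads the current instance
    }
}

function simulate(): array
{
    $app   = new Container();
    $stale = new CtorInjectedMiddleware($app->make(Guard::class)); // built once per worker
    $fresh = new PerRequestMiddleware();
    $app->make(Guard::class)->user = 'alice';        // request 1 authenticates (constructed value)
    $app->forgetInstance(Guard::class);              // between requests: instance cleared
    // Request 2 is anonymous; compare what each middleware sees.
    return ['ctor' => $stale->handle($app), 'per_request' => $fresh->handle($app)];
}

var_export(simulate());
```

Run with PHP 8.0 or later. The constructor-injected middleware still reports the user from request 1 after the instance has been forgotten, while the per-request middleware sees no user.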

tarampampam commented 4 years ago

Thx for your feedback! Issue now can be closed?