A new Symfony minor version release is a good opportunity to deprecate some features in preparation for their removal in the next major version. In Symfony 7.2, we've deprecated the following features that will be removed in Symfony 8.0.
Deprecated Session ID Config Options
PHP defines two INI options called session.sid_length
and session.sid_bits_per_character
.
The PHP maintainers recognized these options as problematic because developers could
set session IDs that are too short (and therefore unsafe) or too long (which is
unnecessary and consumes more CPU resources without significant security benefits).
That's why, starting in PHP 8.4, they deprecated those options, and in Symfony 7.2,
we've deprecated the corresponding options under framework.session
.
Remove the Default Garbage Collector Probability
When a session opens, PHP calls the garbage collector handler randomly based on the
probability defined by session.gc_probability
/session.gc_divisor
(e.g.,
a 5/100 configuration means a 5% chance of invoking the garbage collector).
In Symfony, the session.gc_probability
option had a default value of 1
.
This value overrode the corresponding PHP INI setting, but we encourage using
the native PHP session features (including the default session folder). As a result,
we've removed this default value and now rely on the PHP INI settings by default.
Deprecated More Session Config Options
PHP 8.4 also deprecated other options related to sessions. Consequently, when
using NativeSessionStorage
, it's now deprecated to configure these options:
referer_check
, use_only_cookies
, use_trans_sid
, trans_sid_hosts
,
and trans_sid_tags
.
Deprecated Empty User Identifiers
In Symfony, some authenticators like FormLoginAuthenticator
and
JsonLoginAuthenticator
already check if the provided user identifier is an
empty string and throw an exception if it is.
We believe all authenticators should enforce this behavior, so we updated the following:
- The
getUserIdentifier()
method ofUserInterface
must now return a non-empty string; - Passing an empty user identifier to the constructor of
UserBadge
is now deprecated.
Deprecated the !tagged
Tag
When working with service tags, the !tagged_iterator
tag in YAML and XML files
allows you to inject all services tagged with a specific tag:
1 2 3 4 5 6 7 8
# config/services.yaml services: # ... App\HandlerCollection: # inject all services tagged with 'app.handler' arguments: - !tagged_iterator 'app.handler'
The !tagged_iterator
tag replaced the !tagged
tag, which was still supported
in YAML/XML files. In Symfony 7.2, the !tagged
tag is officially deprecated.
That's been reverted today, hasn't it? See: https://github.com/symfony/symfony/pull/58950
Yes, it's been now removed from the article 🙂
@Jacob you are right. I just removed that section from the blog post. Thanks!