Avoid Starting Sessions for Anonymous Users
Warning: You are browsing the documentation for Symfony 2.x, which is no longer maintained.
Read the updated version of this page for Symfony 7.2 (the current stable version).
Sessions are automatically started whenever you read, write or even check for the existence of data in the session. This means that if you need to avoid creating a session cookie for some users, it can be difficult: you must completely avoid accessing the session.
For example, one common problem in this situation involves checking for flash messages, which are stored in the session. The following code would guarantee that a session is always started:
1 2 3 4 5
{% for flashMessage in app.session.flashBag.get('notice') %}
<div class="flash-notice">
{{ flashMessage }}
</div>
{% endfor %}
Even if the user is not logged in and even if you haven't created any flash messages,
just calling the get()
(or even has()
) method of the flashBag
will
start a session. This may hurt your application performance because all users will
receive a session cookie. To avoid this behavior, add a check before trying to
access the flash messages:
1 2 3 4 5 6 7
{% if app.request.hasPreviousSession %}
{% for flashMessage in app.session.flashBag.get('notice') %}
<div class="flash-notice">
{{ flashMessage }}
</div>
{% endfor %}
{% endif %}