Added InputBag¶

Contributed by
Saif
in #34363.

The ParameterBag class defined by Symfony is like an object-oriented array which stores related values and provides methods such as get(), set(), has(), etc. Symfony defines specialized ParameterBag classes for some purposes (e.g. FileBag for uploaded files, ServerBag for HTTP headers, etc.)

In Symfony 5.1 we've introduced a new InputBag class (which extends from ParameterBag) to manage values provided by the user (via $_GET, $_POST, $_REQUEST, and $_COOKIE superglobals).

Encrypted session data¶

Contributed by
Ahmed Tailouloute
in #35804.

Encrypting data is one of the recommended ways to minimize the damage caused by security leaks. In Symfony 5.1 you can encrypt the contents of the session using a new MarshallingSessionHandler, which in turn uses the marshaller from the Cache component.

Use the following configuration to define the needed data to encrypt the sessions:

1
2
3
4
5

Symfony\Component\Cache\Marshaller\SodiumMarshaller:
    decorates: 'session.marshaller'
    arguments:
        - ['%env(file:resolve:SODIUM_DECRYPTION_FILE)%']
        - '@.inner'

Support all HTTP Cache-Control directives¶

Contributed by
Saif
in #35748.

Symfony supports the most used HTTP Cache-control directives (etag, last_modified, max_age, public , etc.). However, we were missing some of them, so we decided to add support for all cache-control directives in Symfony 5.1:

• etag
• immutable
• last_modified
• max_age
• must_revalidate
• no_cache
• no_store
• no_transform
• private
• proxy_revalidate
• public
• s_maxage

Cookie builder¶

Contributed by
Nikita Safonov
in #35215.

Cookies define lots of configuration parameters. That's why the Cookie::create() named constructor defines nine arguments! In Symfony 5.1 we introduced some methods to turn the Cookie class into a builder object if you prefer to use it that way:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

use Symfony\Component\HttpFoundation\Cookie;

// Before
$cookie = Cookie::create(
    'foo', 'bar', new \DateTime('+1 year'), '/', '.myfoodomain.com', true, true
);

// After
$cookie = Cookie::create('foo')
    ->withValue('bar')
    ->withExpires(new \DateTime('+1 year'))
    ->withDomain('.myfoodomain.com')
    ->withSecure(true)
    ->withHttpOnly(true);

Each withXXX() method returns a new instance of the Cookie object, so you can also use them to change some parameter of an existing cookie object to create a new one.