allow to ignore cookie header

dbu · dbu · commit e60ad47a4dfe · 2018-03-15T17:55:03.000+01:00
diff --git a/doc/symfony-cache-configuration.rst b/doc/symfony-cache-configuration.rst
@@ -152,6 +152,8 @@ options through the constructor:
   **default**: ``['Authorization', 'HTTP_AUTHORIZATION', 'PHP_AUTH_USER']``
 
 * **session_name_prefix**: Prefix for session cookies. Must match your PHP session configuration.
+  If cookies are not relevant in your application, you can set this to ``false`` to ignore any
+  cookies. (**Only set this to ``false`` if you do not use sessions at all.**)
 
   **default**: ``PHPSESSID``
 
diff --git a/src/SymfonyCache/UserContextSubscriber.php b/src/SymfonyCache/UserContextSubscriber.php
@@ -54,6 +54,8 @@ class UserContextSubscriber implements EventSubscriberInterface
      * - user_hash_method:        HTTP Method used with the hash lookup request for user context hash generation.
      * - user_identifier_headers: List of request headers that authenticate a non-anonymous request.
      * - session_name_prefix:     Prefix for session cookies. Must match your PHP session configuration.
+     *                            To completely ignore the cookies header and consider requests with cookies
+     *                            anonymous, pass false for this option.
      *
      * @param array $options Options to overwrite the default options
      *
@@ -81,7 +83,7 @@ public function __construct(array $options = array())
             $resolver->setAllowedTypes('user_hash_method', array('string'));
             // actually string[] but that is not supported by symfony < 3.4
             $resolver->setAllowedTypes('user_identifier_headers', array('array'));
-            $resolver->setAllowedTypes('session_name_prefix', array('string'));
+            $resolver->setAllowedTypes('session_name_prefix', array('string', 'boolean'));
         }
 
         $this->options = $resolver->resolve($options);
@@ -141,6 +143,11 @@ public function preHandle(CacheEvent $event)
      */
     protected function cleanupHashLookupRequest(Request $hashLookupRequest, Request $originalRequest)
     {
+        if (!$this->options['session_name_prefix']) {
+            $hashLookupRequest->headers->remove('Cookie');
+
+            return;
+        }
         $sessionIds = array();
         foreach ($originalRequest->cookies as $name => $value) {
             if ($this->isSessionName($name)) {
diff --git a/src/UserContext/AnonymousRequestMatcher.php b/src/UserContext/AnonymousRequestMatcher.php
@@ -41,7 +41,7 @@ public function __construct(array $options = array())
         ) {
             // actually string[] but that is not supported by symfony < 3.4
             $resolver->setAllowedTypes('user_identifier_headers', array('array'));
-            $resolver->setAllowedTypes('session_name_prefix', array('string'));
+            $resolver->setAllowedTypes('session_name_prefix', array('string', 'boolean'));
         }
 
         $this->options = $resolver->resolve($options);
@@ -58,9 +58,11 @@ public function matches(Request $request)
             }
         }
 
-        foreach ($request->cookies as $name => $value) {
-            if (0 === strpos($name, $this->options['session_name_prefix'])) {
-                return false;
+        if ($this->options['session_name_prefix']) {
+            foreach ($request->cookies as $name => $value) {
+                if (0 === strpos($name, $this->options['session_name_prefix'])) {
+                    return false;
+                }
             }
         }
 
diff --git a/tests/Unit/SymfonyCache/UserContextSubscriberTest.php b/tests/Unit/SymfonyCache/UserContextSubscriberTest.php
@@ -178,6 +178,34 @@ public function testUserHashUserWithSession($arg, $options)
         $this->assertSame($expectedContextHash, $request->headers->get($options['user_hash_header']));
     }
 
+    /**
+     * When the session_name_prefix is set to false, the cookie header is completely ignored.
+     *
+     * This test does not have authentication headers and thus considers the request anonymous.
+     */
+    public function testUserHashUserIgnoreCookies()
+    {
+        $userContextSubscriber = new UserContextSubscriber([
+            'session_name_prefix' => false,
+        ]);
+
+        $sessionId1 = 'my_session_id';
+        $cookies = array(
+            'PHPSESSID' => $sessionId1,
+        );
+        $cookieString = "PHPSESSID=$sessionId1";
+        $request = Request::create('/foo', 'GET', array(), $cookies, array(), array('Cookie' => $cookieString));
+
+        $event = new CacheEvent($this->kernel, $request);
+
+        $userContextSubscriber->preHandle($event);
+        $response = $event->getResponse();
+
+        $this->assertNull($response);
+        $this->assertTrue($request->headers->has('X-User-Context-Hash'));
+        $this->assertSame('38015b703d82206ebc01d17a39c727e5', $request->headers->get('X-User-Context-Hash'));
+    }
+
     /**
      * @dataProvider provideConfigOptions
      */

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public function __construct(array $options = array())`
`41`	`41`	`) {`
`42`	`42`	`// actually string[] but that is not supported by symfony < 3.4`
`43`	`43`	`$resolver->setAllowedTypes('user_identifier_headers', array('array'));`
`44`		`- $resolver->setAllowedTypes('session_name_prefix', array('string'));`
	`44`	`+ $resolver->setAllowedTypes('session_name_prefix', array('string', 'boolean'));`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`$this->options = $resolver->resolve($options);`
`@@ -58,9 +58,11 @@ public function matches(Request $request)`
`58`	`58`	`}`
`59`	`59`	`}`
`60`	`60`
`61`		`- foreach ($request->cookies as $name => $value) {`
`62`		`- if (0 === strpos($name, $this->options['session_name_prefix'])) {`
`63`		`- return false;`
	`61`	`+ if ($this->options['session_name_prefix']) {`
	`62`	`+ foreach ($request->cookies as $name => $value) {`
	`63`	`+ if (0 === strpos($name, $this->options['session_name_prefix'])) {`
	`64`	`+ return false;`
	`65`	`+ }`
`64`	`66`	`}`
`65`	`67`	`}`
`66`	`68`