NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.4k

Symfony 5.4 - Why do I still get`PHPSESSID` cookie for`/probe` paths despite setting firewall`security` to`false` and`stateless` to`true`?#61019

Unanswered

renepupil asked this question inQ&A

Symfony 5.4 - Why do I still get `PHPSESSID` cookie for `/probe` paths despite setting firewall `security` to `false` and `stateless` to `true`?#61019

renepupil

Jul 2, 2025

· 1 comment

Return to top

Discussion options

renepupil
Jul 2, 2025

We use redis as native session storage inphp.ini template:

session.save_handler = redissession.save_path = "${REDIS_PATH}"session.cookie_httponly = 1session.use_strict_mode = 1session.cookie_secure = 1session.use_trans_sid = 0

Sessionframework.yaml settings:

framework:session:handler_id:~cookie_secure:truecookie_httponly:truestorage_factory_id:session.storage.factory.php_bridge

We added some/probe routes for kubernetes probes:

#[Route('/probe', name:'app_frontend_probe_')]class ProbeControllerextends AbstractController{    #[Route('/liveness', name:'liveness')]publicfunction getLiveness(Request$request):JsonResponse

For these we don't security and sessions, hence I disabled security for/probe routes insecurity.yaml:

security:firewalls:probe:pattern:^/probe/security:falsestateless:true

Why do I still getPHPSESSID when calling/probe/ endpoints with these settings in browser?

You must be logged in to vote

Replies: 1 comment

Comment options

MatTheCat
Jul 2, 2025

Can you check yourprobe firewall really matches/probe/liveness (it won’t be the case if a previous firewall’s pattern also matches)?

(Note that you don’t need to configure a firewall asstateless if itssecurity isfalse.)

If a session is still being created, configure your routes asstateless to see why; you should probably do it anyway.

You must be logged in to vote

0 replies

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Symfony 5.4 - Why do I still get`PHPSESSID` cookie for`/probe` paths despite setting firewall`security` to`false` and`stateless` to`true`?#61019

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

renepupil
Jul 2, 2025

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

MatTheCat
Jul 2, 2025

Select a reply

Uh oh!

Movatterモバイル変換

Uh oh!

Symfony 5.4 - Why do I still getPHPSESSID cookie for/probe paths despite setting firewallsecurity tofalse andstateless totrue?#61019

Uh oh!

Uh oh!

renepupilJul 2, 2025

Replies: 1 comment

Uh oh!

Uh oh!

MatTheCatJul 2, 2025

Uh oh!

Symfony 5.4 - Why do I still get`PHPSESSID` cookie for`/probe` paths despite setting firewall`security` to`false` and`stateless` to`true`?#61019

renepupil
Jul 2, 2025

MatTheCat
Jul 2, 2025