I suspect your meant to open the PR against 2.3

No since it's a bc break.

@Tobion But you have a bunch of unrelated commits in this PR.

Because 2.3 is not merged in master yet.

@Tobion 2.3 has now been merged into master.

This would be ready. Where should I document the change (depends for which version it gets merged)?

@Tobion I think similar changes should be done in the DBAL session handler.
The lazy connection is useless there as DBAL itself is lazy, and the table creation uses the DBAL schema system already, but the switch to BLOB would make sense for consistency

@stof Yes I can do that in a later PR when we know whether#10908 stays in 2.3 or not.

@stof you know what fabbot.io is complaining about?http://fabbot.io/report/symfony/symfony/10931/953226bdb666880c61157a42d7839eb42c9c8c9c

There are some extra spaces after the ';'

@venyii Thanks for spotting

Reopened against 2.5:#10991

Ok, master 2.6 again.

@fabpot ready

I'll write a blog post about this soon.

@Tobion please cross link your post here

@fabpot this is ready for merge.

I tested the binary data and the different locking strategies with both mysql and sqlite. It works like a charm. But I don't have postgres, oracle, mssql available. So it would be good if the community can test the class with these DBMS. Or I might find time to set it up later.
I would propose to merge this and then we can still easily fix it if there are problems with binary data for postgres/oracle/mysql.

@symfony/deciders ping

@Tobion should one of the locking strategies be recommended for the "regular-user"?

The default strategy (transactional) is recommended because it's most reliable across dbms.

The documentation could enjoy an update in this section:http://symfony.com/doc/current/cookbook/configuration/pdo_session_storage.html#sharing-your-database-connection-information

As it's not recommended anymore to share the doctrine connection, we should deprecate this part

What about anauto-save parameter in the framework bundle (in the session section)?
I mean, we could auto save the session on an event (for example Kernel::REQUEST) to release the lock and prevent locking simultaneous ajax requests.
This auto-save could be disabled on some route using a annotation.

@romainneutron this section is only about sharing the connectionsettings. Not the connection itself. So this part is still ok.

@romainneutron this section is only about sharing the connection settings. Not the connection itself. So this part is still ok.

woops, you're right

I think there are different cases that need to be examined, e.g. an AJAX request to:

• a non-secured path without firewall and a controller without session access: nothing to do as no blocking is involved
• a secured path and a controller with session access: we cannot improve anything. users should call session->save() before they do some other heavy stuff (in case they do).
• a secured path and a controller without session access: AFAIK the security bundle accesses session data. so in theory the session could be closed right after that, so the lock does not cover the time in the controller where the session is not used.

a secured path and a controller with session access: we cannot improve anything. users should call session->save() before they do some other heavy stuff (in case they do).

Maybe we could add a listener onkernel.terminate with a high priority, to save the session before the actions done after the response sending are processed. This would solve the issue for the common case triggered by the memory spool delaying the session saving for instance

What about some sort of debugging mechanism (e.g. A class using ArrayAccess) which will throw exceptions in case a code snippet tries to add/manipulate session data after the session has already been written+closed?

@stof yes that is what I proposed in#6417 to fix that issue.
@staabm Zend Session has this feature as far as I remember. But its not related to this PR.
Please just focus on this PR and discuss other things in other tickets.

Any votes?

👍

I just realize this also fixes#9029

Thank you so much for working on this@Tobion. This is much appreciated.

@Tobion hey, i just wanted to come back at you about this and thank you for implementing our suggestions. It helped us immensely and made it possible to stay up to date with the latest symfony versions.

Especially exposing the lock strategies made it possible that we can utilize our session implementation.

So, just a quick thank you for your work and for listening and seeking a constructive discussion (see#10908)

(I know, it has been a while, but as I just updated our system to be based on symfony 2.7 I realized just how much this change helped)