include::../description.adoc[]

== Noncompliant Code Example

In a https://symfony.com/doc/current/reference/configuration/security.html#session-fixation-strategy[Symfony Security]'s context, session fixation protection can be disabled with the value ``++none++`` for the ``++session_fixation_strategy++`` attribute:

----
namespace Symfony\Component\DependencyInjection\Loader\Configurator;

return static function (ContainerConfigurator $container) {
    $container->extension('security', [
        'session_fixation_strategy' => 'none', // Noncompliant
    ]);
};
----

== Compliant Solution

In a https://symfony.com/doc/current/reference/configuration/security.html#session-fixation-strategy[Symfony Security]'s context, session fixation protection is enabled by default. It can be explicitly enabled with the values ``++migrate++`` and ``++invalidate++`` for the ``++session_fixation_strategy++`` attribute:

----
namespace Symfony\Component\DependencyInjection\Loader\Configurator;

return static function (ContainerConfigurator $container) {
    $container->extension('security', [
        'session_fixation_strategy' => 'migrate', // Compliant
    ]);
};
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]