47 lines
1.4 KiB
Plaintext
47 lines
1.4 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
== Noncompliant Code Example
|
|
|
|
In a https://symfony.com/doc/current/reference/configuration/security.html#session-fixation-strategy[Symfony Security]'s context, session fixation protection can be disabled with the value ``++none++`` for the ``++session_fixation_strategy++`` attribute:
|
|
|
|
----
|
|
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
|
|
|
return static function (ContainerConfigurator $container) {
|
|
$container->extension('security', [
|
|
'session_fixation_strategy' => 'none', // Noncompliant
|
|
]);
|
|
};
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
In a https://symfony.com/doc/current/reference/configuration/security.html#session-fixation-strategy[Symfony Security]'s context, session fixation protection is enabled by default. It can be explicitly enabled with the values ``++migrate++`` and ``++invalidate++`` for the ``++session_fixation_strategy++`` attribute:
|
|
|
|
----
|
|
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
|
|
|
|
return static function (ContainerConfigurator $container) {
|
|
$container->extension('security', [
|
|
'session_fixation_strategy' => 'migrate', // Compliant
|
|
]);
|
|
};
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|