Added InputBag
The ParameterBag class defined by Symfony is like an object-oriented array
which stores related values and provides methods such as get(), set(),
has(), etc. Symfony defines specialized ParameterBag classes for some
purposes (e.g. FileBag for uploaded files, ServerBag for HTTP headers).
In Symfony 5.1 we've introduced a new InputBag class (which extends
ParameterBag) to manage values provided by the user (via the $_GET, $_POST,
$_REQUEST, and $_COOKIE superglobals).
Encrypted session data
Encrypting data is one of the recommended ways to minimize the damage caused
by security leaks. In Symfony 5.1 you can encrypt the contents of the session
using a new MarshallingSessionHandler, which in turn uses the marshaller
from the Cache component.
Use the following configuration to provide the data needed to encrypt the sessions:
Symfony\Component\Cache\Marshaller\SodiumMarshaller:
    decorates: 'session.marshaller'
    arguments:
        - ['%env(file:resolve:SODIUM_DECRYPTION_FILE)%']
        - '@.inner'
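The first argument in the configuration above is a list of decryption keys. The following added example (not code from Symfony or from the original post) models that scheme with PHP's sodium extension only: data is sealed to the public half of the first key pair and opened by trying each key pair in turn, which is what makes key rotation possible. The function names and the sample session are hypothetical, and the generated key pairs stand in for the content of the file named by SODIUM_DECRYPTION_FILE.

```php
<?php
// Added illustration, not Symfony code: sealed-box encryption of a session
// payload with a list of decryption keys, using ext-sodium directly.

/** Seal a serialized session payload to the public half of the first key pair. */
function sealSession(string $payload, array $decryptionKeys): string
{
    $publicKey = sodium_crypto_box_publickey($decryptionKeys[0]);

    return sodium_crypto_box_seal($payload, $publicKey);
}

/** Try each key pair in order; return null when none opens the ciphertext. */
function openSession(string $ciphertext, array $decryptionKeys): ?string
{
    foreach ($decryptionKeys as $keyPair) {
        $plain = sodium_crypto_box_seal_open($ciphertext, $keyPair);
        if (false !== $plain) {
            return $plain;
        }
    }

    return null;
}

// Constructed sample data: two key pairs and a fake serialized session.
$oldKey = sodium_crypto_box_keypair();
$newKey = sodium_crypto_box_keypair();
$session = serialize(['user_id' => 42, 'roles' => ['ROLE_USER']]);

// A session written before rotation, sealed with the old key.
$stored = sealSession($session, [$oldKey]);

// After rotation the new key comes first; the old one is kept for reading.
$rotated = [$newKey, $oldKey];
var_dump(openSession($stored, $rotated) === $session); // old session still readable
var_dump(openSession($stored, [$newKey]) === null);    // lost once the old key is dropped

// The stored value leaks no plaintext and does not open after a one-byte change.
$tampered = $stored;
$tampered[10] = $tampered[10] ^ "\x01";
var_dump(strpos($stored, 'ROLE_USER') === false);
var_dump(openSession($tampered, $rotated) === null);
```

Dropping an old key from the list makes every session sealed with it unreadable, so keep it until those sessions have expired.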
Support all HTTP Cache-Control directives
Symfony supports the most used HTTP Cache-Control directives (etag,
last_modified, max_age, public, etc.). However, we were missing
some of them, so we decided to add support for all Cache-Control directives
in Symfony 5.1:
etag, immutable, last_modified, max_age, must_revalidate, no_cache, no_store, no_transform, private, proxy_revalidate, public, s_maxage
Cookie builder
Cookies define lots of configuration parameters. That's why the Cookie::create()
named constructor defines nine arguments! In Symfony 5.1 we introduced some methods
to turn the Cookie class into a builder object if you prefer to use it that way:
use Symfony\Component\HttpFoundation\Cookie;
// Before
$cookie = Cookie::create(
    'foo', 'bar', new \DateTime('+1 year'), '/', '.myfoodomain.com', true, true
);
// After
$cookie = Cookie::create('foo')
    ->withValue('bar')
    ->withExpires(new \DateTime('+1 year'))
    ->withDomain('.myfoodomain.com')
    ->withSecure(true)
    ->withHttpOnly(true);
Each withXXX() method returns a new instance of the Cookie object, so
you can also use them to change some parameter of an existing cookie object to
create a new one.
It would be so nice to have generics to implement all these bags …
@Josef : well, when Symfony will take over PHP, maybe Generics will be the first pushed RFC 🤣 In the meantime, having ArrayAccess + Traversable native interfaces already helps creating generics-like classes, and it's easier for BC (since you have total control over every method call and can trigger deprecations as much as you need, which is the case here)