Workers sharing logged users #118
Comments
|
Normally sessions should work out of the box now with Symfony. What version of Symfony are you using? Can you reproduce on a fresh Symfony install? |
|
Using symfony 6.3 I have hard time reproducing it on production too, but it does happen as clients reported this multiple times and today that happened to me too |
|
Are you using a custom session handler? |
|
this is the whole # see https://symfony.com/doc/current/reference/configuration/framework.html
framework:
http_method_override: false
trusted_proxies: '127.0.0.1/8,REMOTE_ADDR,SERVER_NAME'
trusted_headers: [ 'x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix' ]
secret: '%env(APP_SECRET)%'
handle_all_throwables: true
#csrf_protection: true
#http_method_override: true
# Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support.
session:
storage_factory_id: session.storage.factory.native
handler_id: session.handler.native_file
save_path: '%kernel.project_dir%/sessions/%kernel.environment%'
cookie_secure: auto
cookie_samesite: lax
cookie_lifetime: 31536000 # one year in seconds
#esi: true
#fragments: true
php_errors:
log: true |
|
Maybe this is also related to my problem? |
|
I'll try to give it some time, it's strange 😬 |
|
I tried to had a look with no luck. I tried on a fresh project, using in-memory or doctrine as user storage and everything was working fine (with one or many workers). Are you able to provide a reproducer repository? I would gladely help as it seems pretty serious but I'm not able to reproduce it on a fresh project. |
|
I have added the following middleware, and so far it seems fine. Since the <?php
namespace App\RoadRunner\Middleware;
use Baldinof\RoadRunnerBundle\Http\MiddlewareInterface;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\DependencyInjection\ServicesResetter;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Contracts\Service\ResetInterface;
readonly class ServiceReSetterMiddleware implements MiddlewareInterface
{
public function __construct(
#[Autowire("@service_container")]
private ContainerInterface $container,
#[Autowire("@services_resetter")]
private ServicesResetter $servicesResetter,
)
{
}
public function process(Request $request, HttpKernelInterface $next): \Iterator
{
yield $next->handle($request);
$this->servicesResetter->reset();
$ref = new \ReflectionClass($this->container);
$prop = $ref->getProperty("privates");
$services = $prop->getValue($this->container);
foreach ($services as $service) {
if ($service instanceof ResetInterface) {
$service->reset();
}
}
}
}I would live to add reproducer repo, but I cant myself easily reproduce it, it was really random. |
In production, the Symfony somehow loads different logged user than myself. This is major bug. I suspect it's because of sessions not being closed/refresh between requests. I remember this bundle having middleware that would deal with that, but it was removed recently and I am not sure why.
I run RR with 16 workers, so worker 1 has logged user A, worker 2 has user B, and when user B get worker 1, it instead loads the worker 1 user and voila, I am in a different user account.
What do I do?
The text was updated successfully, but these errors were encountered: