Draft: Clean up $_SESSION access only via Session-Class
Closes #1769
What does this MR do?
The future refactoring of session handling requires a clear API, to simplify the dependencies. This MR removes all direct access to $_SESSION.
I do not know if the could I changes is really in use.
-
Replace mobile device detection -
Replace regionId access -
Replace regions access -
Replace pulse message buffer -
Replace session picture cache (Unclear need) -
Replace "Client" access -
Move hastodoquiz to QuizXhr !3075 (merged) -
extract current user from session (image, user details, ..) -
move PrivacyAcceptStates to legal module -
generate user UserOption Storage -
Remove complex fAuthorization !3078 (merged) -
Extract Csrf -
Extract FlashMessages -
extract isMobile !3115 (closed) !3116 (merged) -
remove direct session access !3099 (merged) -
extract Buddy list !2987 (merged) -
Move "remember me" to separate class -
Replace internal Session access to Sessioninterface -
rename Foodsharing/Session to SecurityTransaction -
Insert Symfony Session
How confident are you it won't break things if deployed?
I hope not. Unable to test all, test should ensure this.
Links to related issues
How to test
- Checkout branch locally
- Login as foodsaver
- ... -->
Screenshots (if applicable)
Checklist
-
added a test, or explain why one is not needed/possible... -
no unrelated changes -
asked someone for a code review -
set a "for:" label to indicate who will be affected by this change -
added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label) -
added an entry to CHANGELOG.md
-
added a short text in the release notes to /release-notes/YYYY-MM.md -
Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/region?bid=734&sub=forum. Please change the MRs label to "state:Beta testing". - Consider writing a detailed description in German.
- Describe in a few sentences, what should be tested from a user perspective.
- Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
- Be aware, that also non technical people should understand.
Closes #1769