Added InputBag¶
The ParameterBag class defined by Symfony is like an object-oriented array
which stores related values and provides methods such as get(), set(),has(), etc. Symfony defines specialized ParameterBag classes for some
purposes (e.g. FileBag for uploaded files, ServerBag for HTTP headers, etc.)
In Symfony 5.1 we've introduced a new InputBag class (which extends fromParameterBag) to manage values provided by the user (via $_GET, $_POST,$_REQUEST, and $_COOKIE superglobals).
Encrypted session data¶
Contributed by
Ahmed Tailouloute
in #35804.
Encrypting data is one of the recommended ways to minimize the damage caused
by security leaks. In Symfony 5.1 you can encrypt the contents of the session
using a new MarshallingSessionHandler, which in turn uses the marshaller
from the Cache component.
Use the following configuration to define the needed data to encrypt the sessions:
1 2 3 4 5 | Symfony\Component\Cache\Marshaller\SodiumMarshaller:decorates:'session.marshaller'arguments:-['%env(file:resolve:SODIUM_DECRYPTION_FILE)%']-'@.inner' |
Support all HTTP Cache-Control directives¶
Symfony supports the most used HTTP Cache-control directives (etag,last_modified, max_age, public , etc.). However, we were missing
some of them, so we decided to add support for all cache-control directives
in Symfony 5.1:
etagimmutablelast_modifiedmax_agemust_revalidateno_cacheno_storeno_transformprivateproxy_revalidatepublics_maxage
Cookie builder¶
Contributed by
Nikita Safonov
in #35215.
Cookies define lots of configuration parameters. That's why the Cookie::create()
named constructor defines nine arguments! In Symfony 5.1 we introduced some methods
to turn the Cookie class into a builder object if you prefer to use it that way:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | useSymfony\Component\HttpFoundation\Cookie;// Before$cookie=Cookie::create('foo','bar',new\DateTime('+1 year'),'/','.myfoodomain.com',true,true);// After$cookie=Cookie::create('foo')->withValue('bar')->withExpiresTime(new\DateTime('+1 year'))->withDomain('.myfoodomain.com')->withSecure(true)->withHttpOnly(true); |
Each withXXX() method returns a new instance of the Cookie object, so
you can also use them to change some parameter of an existing cookie object to
create a new one.