New in Symfony 7.2: Deprecations
A new Symfony minor version release is a good opportunity to deprecate some
features in preparation for their removal in the next major version. In Symfony 7.2,
we’ve deprecated the following features that will be removed in Symfony 8.0.
Deprecated Session ID Config Options
PHP defines two INI options called session.sid_length and session.sid_bits_per_character.
The PHP maintainers recognized these options as problematic because developers could
set session IDs that are too short (and therefore unsafe) or too long (which is
unnecessary and consumes more CPU resources without significant security benefits).
That’s why, starting in PHP 8.4, they deprecated those options, and in Symfony 7.2,
we’ve deprecated the corresponding options under framework.session.
Remove the Default Garbage Collector Probability
When a session opens, PHP calls the garbage collector handler randomly based on the
probability defined by session.gc_probability/session.gc_divisor (e.g.,
a 5/100 configuration means a 5% chance of invoking the garbage collector).
In Symfony, the session.gc_probability option had a default value of 1.
This value overrode the corresponding PHP INI setting, but we encourage using
the native PHP session features (including the default session folder). As a result,
we’ve removed this default value and now rely on the PHP INI settings by default.
Deprecated More Session Config Options
PHP 8.4 also deprecated other options related to sessions. Consequently, when
using NativeSessionStorage, it’s now deprecated to configure these options:
referer_check, use_only_cookies, use_trans_sid, trans_sid_hosts,
and trans_sid_tags.
Deprecated Empty User Identifiers
In Symfony, some authenticators like FormLoginAuthenticator and
JsonLoginAuthenticator already check if the provided user identifier is an
empty string and throw an exception if it is.
We believe all authenticators should enforce this behavior, so we updated the following:
The getUserIdentifier() method of UserInterface must now return a
non-empty string;
Passing an empty user identifier to the constructor of UserBadge
is now deprecated.
Deprecate Making cache.app Taggable
The Symfony Cache component allows attaching tags to cache items as one of
the recommended methods for cache invalidation. However, enabling the tagging feature
in the cache.app adapter has led to issues.
To address this, we’ve deprecated the tags option in the cache.app adapter.
Instead, use the cache.app.taggable adapter.
Deprecated the !tagged Tag
When working with service tags, the !tagged_iterator tag in YAML and XML files
allows you to inject all services tagged with a specific tag:
# config/services.yaml
services:
# …
AppHandlerCollection:
# inject all services tagged with ‚app.handler‘
arguments:
– !tagged_iterator ‚app.handler‘
The !tagged_iterator tag replaced the !tagged tag, which was still supported
in YAML/XML files. In Symfony 7.2, the !tagged tag is officially deprecated.
Symfony Blog