Merge pull request #5325 from magento-qwerty/MC-29561

Deprecate SID query parameter-related methods

Author: dvoskoboinikov

app/code/Magento/Catalog/Model/Template/Filter.php

@@ -14,8 +14,6 @@
 
 /**
  * Work with catalog(store, website) urls
- *
- * @package Magento\Catalog\Model\Template
  */
 class Filter extends \Magento\Framework\Filter\Template
 {
@@ -30,6 +28,7 @@ class Filter extends \Magento\Framework\Filter\Template
      * Whether to allow SID in store directive: NO
      *
      * @var bool
+     * @deprecated SID query parameter is not used in URLs anymore.
      */
     protected $_useSessionInUrl = false;
 
@@ -81,10 +80,14 @@ public function setUseAbsoluteLinks($flag)
      *
      * @param bool $flag
      * @return $this
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     * @deprecated SID query parameter is not used in URLs anymore.
      */
     public function setUseSessionInUrl($flag)
     {
-        $this->_useSessionInUrl = $flag;
+        // phpcs:disable Magento2.Functions.DiscouragedFunction
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
+
         return $this;
     }
 
@@ -126,6 +129,7 @@ public function viewDirective($construction)
      */
     public function mediaDirective($construction)
     {
+        // phpcs:disable Magento2.Functions.DiscouragedFunction
         $params = $this->getParameters(html_entity_decode($construction[2], ENT_QUOTES));
         return $this->_storeManager->getStore()
                 ->getBaseUrl(\Magento\Framework\UrlInterface::URL_TYPE_MEDIA) . $params['url'];

app/code/Magento/Cms/Model/Template/Filter.php

@@ -12,25 +12,6 @@
  */
 class Filter extends \Magento\Email\Model\Template\Filter
 {
-    /**
-     * Whether to allow SID in store directive: AUTO
-     *
-     * @var bool
-     */
-    protected $_useSessionInUrl;
-
-    /**
-     * Setter whether SID is allowed in store directive
-     *
-     * @param bool $flag
-     * @return $this
-     */
-    public function setUseSessionInUrl($flag)
-    {
-        $this->_useSessionInUrl = (bool)$flag;
-        return $this;
-    }
-
     /**
      * Retrieve media file URL directive
      *

app/code/Magento/Email/Model/Template/Filter.php

@@ -44,6 +44,7 @@ class Filter extends \Magento\Framework\Filter\Template
      * Whether to allow SID in store directive: NO
      *
      * @var bool
+     * @deprecated SID is not being used as query parameter anymore.
      */
     protected $_useSessionInUrl = false;
 
@@ -263,10 +264,14 @@ public function setUseAbsoluteLinks($flag)
      *
      * @param bool $flag
      * @return $this
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     * @deprecated SID query parameter is not used in URLs anymore.
      */
     public function setUseSessionInUrl($flag)
     {
-        $this->_useSessionInUrl = $flag;
+        // phpcs:disable Magento2.Functions.DiscouragedFunction
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
+
         return $this;
     }
 

app/code/Magento/Store/Model/StoreSwitcher/CleanTargetUrl.php

@@ -14,6 +14,10 @@
 
 /**
  * Remove SID, from_store, store from target url.
+ *
+ * Used in store-switching process in HTML frontend.
+ *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
  */
 class CleanTargetUrl implements StoreSwitcherInterface
 {
@@ -22,42 +26,32 @@ class CleanTargetUrl implements StoreSwitcherInterface
      */
     private $urlHelper;
 
-    /**
-     * @var \Magento\Framework\Session\Generic
-     */
-    private $session;
-
-    /**
-     * @var \Magento\Framework\Session\SidResolverInterface
-     */
-    private $sidResolver;
-
     /**
      * @param UrlHelper $urlHelper
      * @param \Magento\Framework\Session\Generic $session
      * @param \Magento\Framework\Session\SidResolverInterface $sidResolver
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function __construct(
         UrlHelper $urlHelper,
         \Magento\Framework\Session\Generic $session,
         \Magento\Framework\Session\SidResolverInterface $sidResolver
     ) {
         $this->urlHelper = $urlHelper;
-        $this->session = $session;
-        $this->sidResolver = $sidResolver;
     }
 
     /**
+     * Generate target URL to switch stores through other mechanism then via URL params.
+     *
      * @param StoreInterface $fromStore store where we came from
      * @param StoreInterface $targetStore store where to go to
      * @param string $redirectUrl original url requested for redirect after switching
      * @return string redirect url
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function switch(StoreInterface $fromStore, StoreInterface $targetStore, string $redirectUrl): string
     {
         $targetUrl = $redirectUrl;
-        $sidName = $this->sidResolver->getSessionIdQueryParam($this->session);
-        $targetUrl = $this->urlHelper->removeRequestParam($targetUrl, $sidName);
         $targetUrl = $this->urlHelper->removeRequestParam($targetUrl, '___from_store');
         $targetUrl = $this->urlHelper->removeRequestParam($targetUrl, StoreResolverInterface::PARAM_NAME);
 

dev/tests/integration/testsuite/Magento/Framework/Session/SessionManagerTest.php

@@ -225,22 +225,6 @@ public function testSetSessionId()
             $this->assertEquals('test', $this->model->getSessionId());
         }
 
-        /**
-         * @magentoConfigFixture current_store web/session/use_frontend_sid 1
-         */
-        public function testSetSessionIdFromParam()
-        {
-            $this->initializeModel();
-            $this->appState->expects($this->any())
-                ->method('getAreaCode')
-                ->willReturn(\Magento\Framework\App\Area::AREA_FRONTEND);
-            $currentId = $this->model->getSessionId();
-            $this->assertNotEquals('test_id', $this->model->getSessionId());
-            $this->request->getQuery()->set(SidResolverInterface::SESSION_ID_QUERY_PARAM, 'test-id');
-            $this->model->setSessionId($this->sidResolver->getSid($this->model));
-            $this->assertEquals($currentId, $this->model->getSessionId());
-        }
-
         public function testGetSessionIdForHost()
         {
             $this->initializeModel();

dev/tests/integration/testsuite/Magento/Framework/UrlTest.php

@@ -23,13 +23,6 @@ protected function setUp()
         $this->model = Bootstrap::getObjectManager()->create(\Magento\Framework\Url::class);
     }
 
-    public function testSetGetUseSession()
-    {
-        $this->assertFalse((bool)$this->model->getUseSession());
-        $this->model->setUseSession(false);
-        $this->assertFalse($this->model->getUseSession());
-    }
-
     public function testSetRouteFrontName()
     {
         $value = 'route';

dev/tests/integration/testsuite/Magento/Store/Model/StoreSwitcherTest.php

@@ -42,7 +42,7 @@ protected function setUp()
      */
     public function testSwitch(): void
     {
-        $redirectUrl = "http://domain.com/?SID=e5h3e086dce3ckkqt9ia7avl27&___store=fixture_second_store";
+        $redirectUrl = "http://domain.com/?___store=fixture_second_store";
         $expectedUrl = "http://domain.com/";
         $fromStoreCode = 'test';
         /** @var \Magento\Store\Api\StoreRepositoryInterface $storeRepository */

lib/internal/Magento/Framework/Session/SessionManager.php

@@ -10,7 +10,8 @@
 use Magento\Framework\Session\Config\ConfigInterface;
 
 /**
- * Session Manager
+ * Standard session management.
+ *
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
  */
@@ -200,9 +201,6 @@ public function start()
                     session_commit();
                     session_id($_SESSION['new_session_id']);
                 }
-                $sid = $this->sidResolver->getSid($this);
-                // potential custom logic for session id (ex. switching between hosts)
-                $this->setSessionId($sid);
                 session_start();
                 if (isset($_SESSION['destroyed'])
                     && $_SESSION['destroyed'] < time() - $this->sessionConfig->getCookieLifetime()
@@ -211,7 +209,7 @@ public function start()
                 }
 
                 $this->validator->validate($this);
-                $this->renewCookie($sid);
+                $this->renewCookie(null);
 
                 register_shutdown_function([$this, 'writeClose']);
 

lib/internal/Magento/Framework/Session/SidResolver.php

@@ -56,7 +56,7 @@ class SidResolver implements SidResolverInterface
      * @var bool|null
      * @see \Magento\Framework\UrlInterface
      */
-    protected $_useSessionInUrl;
+    protected $_useSessionInUrl = false;
 
     /**
      * @var string
@@ -88,26 +88,21 @@ public function __construct(
     }
 
     /**
-     * Get Sid
-     *
-     * @param SessionManagerInterface $session
-     * @return string|null
-     * @throws \Magento\Framework\Exception\LocalizedException
-     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     * @inheritDoc
      */
     public function getSid(SessionManagerInterface $session)
     {
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
+
         return null;
     }
 
     /**
-     * Get session id query param
-     *
-     * @param SessionManagerInterface $session
-     * @return string
+     * @inheritDoc
      */
     public function getSessionIdQueryParam(SessionManagerInterface $session)
     {
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
         $sessionName = $session->getName();
         if ($sessionName && isset($this->sidNameMap[$sessionName])) {
             return $this->sidNameMap[$sessionName];
@@ -116,57 +111,42 @@ public function getSessionIdQueryParam(SessionManagerInterface $session)
     }
 
     /**
-     * Set use session var instead of SID for URL
-     *
-     * @param bool $var
-     * @return $this
+     * @inheritDoc
      */
     public function setUseSessionVar($var)
     {
-        $this->_useSessionVar = (bool)$var;
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
+
         return $this;
     }
 
     /**
-     * Retrieve use flag session var instead of SID for URL
-     *
-     * @return bool
-     * @SuppressWarnings(PHPMD.BooleanGetMethodName)
+     * @inheritDoc
      */
     public function getUseSessionVar()
     {
-        return $this->_useSessionVar;
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
+
+        return false;
     }
 
     /**
-     * Set Use session in URL flag
-     *
-     * @param bool $flag
-     * @return $this
+     * @inheritDoc
      */
     public function setUseSessionInUrl($flag = true)
     {
-        $this->_useSessionInUrl = (bool)$flag;
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
+
         return $this;
     }
 
     /**
-     * Retrieve use session in URL flag.
-     *
-     * @return bool
-     * @SuppressWarnings(PHPMD.BooleanGetMethodName)
+     * @inheritDoc
      */
     public function getUseSessionInUrl()
     {
-        if ($this->_useSessionInUrl === null) {
-            //Using config value by default, can be overridden by using the
-            //setter.
-            $this->_useSessionInUrl = $this->scopeConfig->isSetFlag(
-                self::XML_PATH_USE_FRONTEND_SID,
-                $this->_scopeType
-            );
-        }
+        trigger_error('Session ID is not used as URL parameter anymore.', E_USER_DEPRECATED);
 
-        return $this->_useSessionInUrl;
+        return false;
     }
 }

lib/internal/Magento/Framework/Session/SidResolverInterface.php

@@ -10,6 +10,7 @@
 /**
  * Interface \Magento\Framework\Session\SidResolverInterface
  *
+ * @deprecated 2.3.3 SIDs in URLs are no longer used
  */
 interface SidResolverInterface
 {
@@ -23,6 +24,7 @@ interface SidResolverInterface
      *
      * @param \Magento\Framework\Session\SessionManagerInterface $session
      * @return string|null
+     * @deprecated SID query parameter is not used in URLs anymore.
      */
     public function getSid(\Magento\Framework\Session\SessionManagerInterface $session);
 
@@ -31,6 +33,7 @@ public function getSid(\Magento\Framework\Session\SessionManagerInterface $sessi
      *
      * @param \Magento\Framework\Session\SessionManagerInterface $session
      * @return string
+     * @deprecated SID query parameter is not used in URLs anymore.
      */
     public function getSessionIdQueryParam(\Magento\Framework\Session\SessionManagerInterface $session);
 
@@ -39,6 +42,7 @@ public function getSessionIdQueryParam(\Magento\Framework\Session\SessionManager
      *
      * @param bool $var
      * @return $this
+     * @deprecated SID query parameter is not used in URLs anymore.
      */
     public function setUseSessionVar($var);
 
@@ -55,13 +59,15 @@ public function getUseSessionVar();
      *
      * @param bool $flag
      * @return $this
+     * @deprecated SID query parameter is not used in URLs anymore.
      */
     public function setUseSessionInUrl($flag = true);
 
     /**
      * Retrieve use session in URL flag
      *
      * @return bool
+     * @deprecated SID query parameter is not used in URLs anymore.
      * @SuppressWarnings(PHPMD.BooleanGetMethodName)
      */
     public function getUseSessionInUrl();