- Issue created by @BramDriesen
- 🇧🇪Belgium BramDriesen Belgium 🇧🇪
No activity over 2 days, un-assigning. Feel free to pick this up again.
Follow up issue from 📌 Anonymous users - Multiple voting from one IP Needs review
Replace the usage of the super global $_SESSION
Relying on the session super global within the storage doesn't feel right. We shouldn't use that anymore. We could inject the request stack and get it from the current request a start.
It's also not isolated, no single API is responsible for this session storage. It's set in the form.
Looking at the flag module, which is quite comparable and supports per-session flags, it works quite different. it generates a session id and then stores that in a column. It's needed there, because you need to be able to query for your flags. But it might be worth considering here as well, for example you could detect bots that vote on many polls and delete those votes, if you have many active polls (if you do, storing the ids directly in the session could also grow quite a bit. But you would probably need a lot for that to become a problem).
that has it's own issues, Drupal no longer starts a session automatically, so it needs some extra work to get and manage that id (see \Drupal\flag\FlagService::ensureSession).
Source: https://git.drupalcode.org/project/poll/-/merge_requests/30#note_279119
N/A
Replace the occurrences of $_SESSION with the session data of the current request.
Implement something like \Drupal\flag\FlagService::ensureSession
MR
In theory no extra tests are needed, everything should be green after those changes.
N/A
N/A
N/A
Postponed
2.0
Code
No activity over 2 days, un-assigning. Feel free to pick this up again.