Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
RFC accepted - https://wiki.php.net/rfc/deprecate-get-post-sessions
Deprecated session.use_only_cookies, session.use_trans_sid and session.referer_check see commit
Steps to reproduce
use git grep
core/lib/Drupal/Core/DrupalKernel.php:997: ini_set('session.use_only_cookies', '1');
core/lib/Drupal/Core/DrupalKernel.php:998: ini_set('session.use_trans_sid', '0');
Proposed resolution
do not change this settings on PHP 8.4
Remaining tasks
User interface changes
Introduced terminology
API changes
Data model changes
Release notes snippet
Issue fork drupal-3470075
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
- 3470075-php-8.4-session.useonlycookies
changes, plain diff MR !9317
Comments
Comment #3
andypostComment #4
ankitv18 commentedMentioned on the php doc this deprecation will be removed from PHP 9.0 ~~ I think short comment with a link would be more ideal with this change.
Comment #5
andypostHere should be CR and clean up of it will happen before 12.0
Comment #6
andypostCR created
Comment #7
andypostComment #8
ankitv18 commentedLooks good but could make more sense if we add statement of removal of these variables from PHP 9 or something related
Comment #9
andypostupdated CR, feel free to improve it and RTBC)
Comment #10
ankitv18 commentedCurrent revision looks much better as taking the reference form php.net, also changes looks quite straightforward ~~ hence marking this one as RTBC.
Comment #13
catchLooks good and we can just clean these up when we require PHP 8.4+ for Drupal 12. Committed/pushed to 11.x and cherry-picked to 10.4.x, thanks!