Quoting #2371629-35: [meta] Finalize Session and User Authentication API:
Per #2603046-23: Support anonymous users, another thing that is missing in the current APIs, is cacheability metadata.
We want to make sure that not all code needs to be aware of what mechanism is used to handle sessions. I.e. whether that uses a cookie, some kind of header, or something else still.
\Drupal\Core\Session\SessionConfigurationInterface
actually is meant to encapsulate that. And it does. But it's unfortunately unaware of cache contexts, because that was overlooked. The default implementation,\Drupal\Core\Session\SessionConfiguration
uses cookies.So, what is missing is:
/** * @return string[] */ SessionConfigurationInterface::getCacheContexts();
And
SessionConfiguration::getCacheContexts() { return ['cookies:' . $this->getName()]; }
Comments
Comment #2
andypostThen why not
getMaxAge()
cos cookie has lifetimeAlso for personalized content tags maybe useful, for example to clear cache when session ends