Now that we have a pluggable authentication system (#1890878: Add modular authentication system, including Http Basic; deprecate global $user) we can remove session.inc.

There are three things to do here:

  1. Move functionality from session.inc to Drupal\Core\Authentication\Provider\Cookie. (Remove deprecated usage of global $user)
  2. Remove the file session.inc
  3. Make sure the authentication system gets loaded in case of install and update.

Comments

ParisLiakos:

Does not make sense imo. Authentication system shouldn't know how to start/read/write sessions.
Unfortunately, this is the correct way to remove session.inc: #1858196: [meta] Leverage Symfony Session components

znerol:

Issue summary: View changes
Status: Active » Closed (duplicate)
Related issues: +#2228393: Decouple session from cookie based user authentication