On my Symfony 4.4 application I use PdoSessionHandler to store sessions in the database. Yesterday I got an error log for one of the users:
SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'sess_data' at row 1
I was surprised that sess_data could get so big that this error would appear. In the end it is a BLOB field.
I checked other rows and noticed that CHAR_LENGTH could reach up to 50,415 and more. The session contents are 95% (hundreds of lines) _csrf tokens.
Firstly, why should the session store so many _csrf tokens? What could I do to prevent it?
Here is a configuration for the session handler:
# framework.yaml
session:
    handler_id: 'Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler'
    gc_maxlifetime: 7890000 # 3 months
    cookie_lifetime: 31536000 # 1 year

# services.yaml
Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
    arguments:
        - !service { class: 'PDO', factory: ['@database_connection', 'getWrappedConnection'] }
        - { lock_mode: 1 }
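
One way to see which token ids account for the bulk of a large sess_data value, as an added example that is not part of the original post. It assumes the default "php" session.serialize_handler and that each CSRF token is stored as a string attribute keyed "_csrf/<token id>"; the function name and the sample payload are made up for illustration.

```php
<?php
// Added diagnostic, not code from the post. Assumptions: the default "php"
// session.serialize_handler, and CSRF tokens stored as string attributes
// whose key is "_csrf/<token id>".

/**
 * Summarise the CSRF entries inside one raw sess_data value.
 * Pattern matching is used instead of unserialize(), so stored session
 * content is never turned back into PHP values.
 */
function summariseCsrfEntries(string $sessData): array
{
    // One serialized pair looks like: s:<n>:"_csrf/<id>";s:<n>:"<token>";
    preg_match_all(
        '~s:\d+:"_csrf/([^"]*)";s:\d+:"[^"]*";~',
        $sessData,
        $matches,
        PREG_SET_ORDER
    );

    $csrfBytes = 0;
    $families = [];
    foreach ($matches as [$entry, $tokenId]) {
        $csrfBytes += strlen($entry);
        // Heuristic: collapse digit runs so ids that differ only by a number
        // fall into the same family.
        $family = preg_replace('~\d+~', '#', $tokenId);
        $families[$family] = ($families[$family] ?? 0) + 1;
    }
    arsort($families); // most frequent family first

    $total = strlen($sessData);
    return [
        'total_bytes'  => $total,
        'csrf_entries' => count($matches),
        'csrf_bytes'   => $csrfBytes,
        'csrf_share'   => $total > 0 ? round($csrfBytes / $total, 2) : 0.0,
        'families'     => $families,
    ];
}

// Constructed sample payload; token ids and values are made up.
$attributes = ['_csrf/login' => str_repeat('a', 43)];
foreach ([101, 102, 103, 104] as $id) {
    $attributes["_csrf/delete_item_$id"] = str_repeat('b', 43);
}
$sample = '_sf2_attributes|' . serialize($attributes)
    . '_sf2_meta|' . serialize(['u' => 1700000000, 'c' => 1700000000, 'l' => 31536000]);

print_r(summariseCsrfEntries($sample));
```

Run it against the sess_data of one of the large rows: a family with a high count shows which token id is being generated under many different names.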