Truly stateless controllers

The Frontastic API hub comes with some (theoretically) stateless (and so session-less) HTTP endpoints. We suffered from an issue that the underlying Symfony framework generated sessions for those requests anyway. This was fixed in the recent Frontastic API hub release and introduced a mechanism you can leverage for your custom controllers to make them stateless, too.

To achieve this, you'll need to add the attribute _stateless to your Symfony route definition in the corresponding endpoint, for example:

<route id="Custom.Controller.deliver" path="/foo/bar" methods="GET">
    <default key="_controller">YourBundle\Controller\SomeController::deliverAction</default>

    <default key="_stateless">true</default>

This will prevent the Frontastic API hub core from accessing the session.

Note: if your own code still accesses the session (even asking if it exists using $request->hasSession(), the session will be created regardless. Also, if you use Frontastic functions that explicitly access the session (for example the CartFetcher), the session will be created.

To prevent this in your code, you can use $request->attributes->get('_stateless', false) as a condition to guard session access.