Issue #3264067 by andypost: Remove deprecated code from session namespace

    $this->setCsrfTokenSeed(Crypt::randomBytesBase64());

  }

  /**

   * Clear the CSRF token seed.

   */

  public function clearCsrfTokenSeed() {

    @trigger_error('Calling ' . __METHOD__ . '() is deprecated in drupal:9.2.0 and will be removed in drupal:10.0.0. Use \Drupal\Core\Session\MetadataBag::stampNew() instead. See https://www.drupal.org/node/3187914', E_USER_DEPRECATED);

    unset($this->meta[static::CSRF_TOKEN_SEED]);

  }

}

namespace Drupal\Core\Session;

use Drupal\Component\Utility\Crypt;

use Drupal\Core\Database\Connection;

use Drupal\Core\DependencyInjection\DependencySerializationTrait;

use Symfony\Component\HttpFoundation\RequestStack;

    return $result;

  }

  /**

   * {@inheritdoc}

   */

  public function getId(): string {

    $id = parent::getId();

    if (empty($id)) {

      // Legacy code might rely on the existence of a session ID before a real

      // session exists. In this case, generate a random session ID to provide

      // backwards compatibility.

      @trigger_error('Calling ' . __METHOD__ . '() outside of an actual existing session is deprecated in drupal:9.2.0 and will be removed in drupal:10.0.0. This is often used for anonymous users. See https://www.drupal.org/node/3006306', E_USER_DEPRECATED);

      $id = Crypt::randomBytesBase64();

      $this->setId($id);

    }

    return $id;

  }

  /**

   * Forcibly start a PHP session.

   *

    $this->assertNotEquals('a_cryptographically_secure_long_random_string_should_used_here', $metadata->getCsrfTokenSeed());

  }

  /**

   * @covers ::clearCsrfTokenSeed

   * @group legacy

   */

  public function testDeprecatedClearCsrfTokenSeed() {

    $this->expectDeprecation('Calling Drupal\Core\Session\MetadataBag::clearCsrfTokenSeed() is deprecated in drupal:9.2.0 and will be removed in drupal:10.0.0. Use \Drupal\Core\Session\MetadataBag::stampNew() instead. See https://www.drupal.org/node/3187914');

    $metadata = new MetadataBag(new Settings([]));

    $metadata->clearCsrfTokenSeed();

  }

}

<?php

namespace Drupal\Tests\Core\Session;

use Drupal\Core\Database\Connection;

use Drupal\Core\Session\MetadataBag;

use Drupal\Core\Session\SessionConfigurationInterface;

use Drupal\Core\Session\SessionManager;

use Drupal\Core\Site\Settings;

use Drupal\Tests\UnitTestCase;

use Symfony\Component\HttpFoundation\RequestStack;

use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy;

/**

 * @coversDefaultClass \Drupal\Core\Session\SessionManager

 * @group Session

 */

class SessionManagerTest extends UnitTestCase {

  /**

   * @group legacy

   */

  public function testGetIdWithoutSession() {

    $connection = $this->createMock(Connection::class);

    $session_configuration = $this->createMock(SessionConfigurationInterface::class);

    $session_manager = new SessionManager(

      new RequestStack(),

      $connection,

      new MetadataBag(new Settings([])),

      $session_configuration,

      new FakeAbstractProxy()

    );

    $this->expectDeprecation('Calling Drupal\Core\Session\SessionManager::getId() outside of an actual existing session is deprecated in drupal:9.2.0 and will be removed in drupal:10.0.0. This is often used for anonymous users. See https://www.drupal.org/node/3006306');

    $this->assertNotEmpty($session_manager->getId());

  }

}

class FakeAbstractProxy extends AbstractProxy {

  /**

   * Stores the fake session ID.

   *

   * @var string

   */

  protected $id = '';

  public function setId($id) {

    $this->id = $id;

  }

  public function getId(): string {

    return $this->id;

  }

}