Commit cda287d2 authored by catch's avatar catch

Issue #2238561 by alexpott, dawehner, andypost, bradjones1, ridhimaabrol24,...

Issue #2238561 by alexpott, dawehner, andypost, bradjones1, ridhimaabrol24, jofitz, eiriksm, Darren Oh, kalyansamanta, znerol, neclimdul, catch, pwolanin: Use the default PHP session ID instead of generating a custom one
parent 7f828c96
+16 −0
@@ -36,6 +36,22 @@ parameters:
    # @default none
    # cookie_domain: '.example.com'
    #
    # Set the session ID string length. The length can be between 22 to 256. The
    # PHP recommended value is 48. See
    # https://www.php.net/manual/session.security.ini.php for more information.
    # This value should be kept in sync with
    # \Drupal\Core\Session\SessionConfiguration::__construct()
    # @default 48
    sid_length: 48
    #
    # Set the number of bits in encoded session ID character. The possible
    # values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-",
    # ","). The PHP recommended value is 6. See
    # https://www.php.net/manual/session.security.ini.php for more information.
    # This value should be kept in sync with
    # \Drupal\Core\Session\SessionConfiguration::__construct()
    # @default 6
    sid_bits_per_character: 6
  twig.config:
    # Twig debugging:
    #
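Review bot: The two new comment blocks give the allowed ranges but not how the settings combine, which is what an operator tuning them needs: the ID's entropy is roughly `sid_length` × `sid_bits_per_character` bits, so the defaults give 288 bits while the documented minimums (22 and '4') give only 88. I would add a line such as `# Lowering either value reduces session ID entropy (sid_length x sid_bits_per_character bits).` above `sid_length: 48`. The wording "between 22 to 256" should also read "between 22 and 256". The same defaults are repeated in the other services file and in SessionConfiguration::__construct() on this page, so the "kept in sync" instruction relies on manual discipline; a test asserting that the three copies match would make it enforceable.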
+3 −1
@@ -9,6 +9,8 @@ parameters:
    gc_divisor: 100
    gc_maxlifetime: 200000
    cookie_lifetime: 2000000
    sid_length: 48
    sid_bits_per_character: 6
  twig.config:
    debug: false
    auto_reload: null
@@ -1727,7 +1729,7 @@ services:
      - { name: backend_overridable }
  tempstore.shared:
    class: Drupal\Core\TempStore\SharedTempStoreFactory
    arguments: ['@keyvalue.expirable', '@lock', '@request_stack', '%tempstore.expire%']
    arguments: ['@keyvalue.expirable', '@lock', '@request_stack', '@current_user', '%tempstore.expire%']
    tags:
      - { name: backend_overridable }
  pager.manager:
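Review bot: In the `tempstore.shared` definition, `'@current_user'` is inserted before `'%tempstore.expire%'` rather than appended, so the expire argument moves from fourth to fifth position. SharedTempStoreFactory's constructor is not part of this section, so it is worth confirming that it still accepts the old four-argument form (with a deprecation) for sites that override or subclass the service; otherwise the expire value would land in the current-user slot. Presumably the current user now helps identify the owner of shared temp data, which is a security-relevant property, so a one-line comment on the definition saying so would help whoever overrides it next.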
+5 −1
@@ -664,8 +664,12 @@ function install_run_task($task, &$install_state) {
      // @todo Replace this when we refactor the installer to use a request-
      //   response workflow.
      if ($output instanceof Response) {
        if (\Drupal::request()->hasSession()) {
          \Drupal::request()->getSession()->save();
        }
        // Send the response.
        $output->send();
        $output = NULL;
        exit;
      }
      // The task is complete when we try to access the batch page and receive
      // FALSE in return, since this means we are at a URL where we are no
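Review bot: The added `hasSession()`/`save()` lines carry no comment saying why the session has to be written by hand here, and the reason is not obvious from the hunk. Presumably the `exit` a few lines below means the normal response workflow never runs and session data set during the task could be lost; if so, a comment such as `// Save the session explicitly because the exit below bypasses the normal response workflow.` should sit above the `if`. `\Drupal::request()` is also resolved twice, and assigning it to a local once would read more clearly. install_run_task() starts and ends outside this hunk.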
+13 −0
@@ -2,6 +2,7 @@

namespace Drupal\Core\Session;

use Drupal\Component\Utility\Crypt;
use Drupal\Core\Site\Settings;
use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag as SymfonyMetadataBag;

@@ -48,10 +49,22 @@ public function getCsrfTokenSeed() {
    }
  }

  /**
   * {@inheritdoc}
   */
  public function stampNew($lifetime = NULL) {
    parent::stampNew($lifetime);

    // Set the token seed immediately to avoid a race condition between two
    // simultaneous requests without a seed.
    $this->setCsrfTokenSeed(Crypt::randomBytesBase64());
  }

  /**
   * Clear the CSRF token seed.
   */
  public function clearCsrfTokenSeed() {
    @trigger_error('Calling ' . __METHOD__ . '() is deprecated in drupal:9.2.0 and will be removed in drupal:10.0.0. Use \Drupal\Core\Session\MetadataBag::stampNew() instead. See https://www.drupal.org/node/3187914', E_USER_DEPRECATED);
    unset($this->meta[static::CSRF_TOKEN_SEED]);
  }
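Review bot: `clearCsrfTokenSeed()` now raises E_USER_DEPRECATED, but its docblock still reads only "Clear the CSRF token seed.", so IDEs and static analysis will not flag remaining callers. Add an `@deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. Use \Drupal\Core\Session\MetadataBag::stampNew() instead.` tag plus `@see https://www.drupal.org/node/3187914`, matching the runtime message. Separately, `stampNew()` keeps `{@inheritdoc}` although it now also replaces the CSRF token seed; that side effect presumably invalidates tokens issued under the previous seed and deserves a sentence in the docblock. The class declaration lies outside the hunk.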

+4 −1
@@ -22,9 +22,12 @@ class SessionConfiguration implements SessionConfigurationInterface {
   *
   * @see \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage::__construct()
   * @see http://php.net/manual/session.configuration.php
   * @see https://www.php.net/manual/session.security.ini.php
   */
  public function __construct($options = []) {
    $this->options = $options;
    // Provide sensible defaults for sid_length and sid_bits_per_character.
    // See core/assets/scaffold/files/default.services.yml for more information.
    $this->options = $options + ['sid_length' => 48, 'sid_bits_per_character' => 6];
  }

  /**
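Review bot: The array union on the new `$this->options = $options + [...]` line only fills keys that are absent, so a `sid_length` or `sid_bits_per_character` that is present but out of range (or null) is stored unchanged. The ranges documented in the services file (22 to 256, and 4, 5 or 6) are not enforced anywhere in this hunk; how the options are applied later is outside it, so this may be caught downstream. If it is not, a misconfigured value could leave session IDs with less entropy than the operator expects and no visible error, so consider validating the two values here, or at least extending the comment with `// Only missing keys receive defaults; supplied values are used as-is.` The class body continues outside the hunk.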