We’re porting an application from Yii 1 to Yii 2, and I noticed that Yii 2 has forgone its former StatePersister classes.
The application is freely distributed and self-hosted, so it’s not possible for us to store secret keys in the code (for things like Security::hashData()), as anyone with a copy of the codebase would be able to tell what that secret key is for all other instances of it. So we’ve been relying on Yii 1’s State functionality to manage that for us.
Was there any specific reason for removing that functionality from Yii 2 (e.g. a security concern), or was it just not deemed useful enough to warrant being part of the core? If the latter, is there any chance a yiisoft/yii2-state package is in the works that brings it back as an optional component?
I can’t tell you why its gone but you got me curious enough to read the docs.
So, if state persister can use cache as a storage medium, or you can use the database for such, it seems that this functionality is redundant. What does it do that a fileCache or dbCache cannot?
I don’t know your architecture but could you put the key in your db schema and cache the result?
Yes, there are other ways to store that data, and can see how it could be considered redundant. We mostly used it for the app ID it would automatically generate, which Yii used in a few places (for example, when calling CSecurityManager::hashData() you woludn’t need to specify a $key because it auto-generated one based on that random state-stored app ID).
Mostly just curious, as this was a pretty big chunk of functionality that was dropped in Yii 2 without any mention, as far as I can tell.
