Problem/Motivation
On the AccountInterface The methods getSessionId(), getSecureSessionId() and getSessionData() are completely unused and superflous. The introduction of these methods probably was based on the misconception that a user is always authenticated using a session. This is not the case anymore.
In addition those methods do not make any sense at all on user entities loaded from the disk (i.e. user entity != current user). Typehinting against the AccountInterface in order to get at the session id when it is not guaranteed that it is actually there is pointless - and that's probably also the reason why those methods are not used at all.
Rather code which relies on the session should retrieve it directly from the $request via getSession().
Proposed resolution
Remove those methods.
Remaining tasks
User interface changes
API changes
Remove the following methods:
AccountInterface::getSessionId()AccountInterface::getSecureSessionId()AccountInterface::getSessionData()AccountInterface::getHostname()
Follow-up to #1858196: [meta] Leverage Symfony Session components
Beta phase evaluation
| Issue category | Bug because this removes broken code |
|---|---|
| Issue priority | Normal |
| Disruption | Disruptive for contributed and custom modules because it will require a BC break |