Question

We have an application that we developed in Drupal 7 and I am tasked with migrating this form to Drupal 8. I have a question about the session behavior which seems to have changed from Drupal 7 to 8.

Our application is a node and whenever that node is navigated to, or refreshed, the session is unset and restarted (for security purposes).

function fu_preprocess_node__application(&$vars) {
    session_unset();
    if (session_id() == '') {
        ini_set('session.gc_maxlifetime', '28800');
        session_start();
    }
}

In Drupal 7, if I am logged in as an admin user and working on the form and I navigate to the application node to view it, I am fine. However, in Drupal 8, when I am logged in to Drupal and I wish to view this page, the session_unset() logs me out and gives access denied errors for contextual/render and history/23/read.

What do I need to change so that we can unset the session for the application form but not get logged out as a Drupal user? For the typical user of this form, who does not log in as a Drupal user, this is not an issue. But as an admin working on the form, it is an issue.

Solution

I was able to combine two of the responses to solve my problem. I indeed updated it to use the Symfony that is now part of Drupal 8 (Comment #3). Reading https://www.drupal.org/docs/7/security/safely-impersonating-another-user gave me an idea to test for anonymity. So I ended up changing the original code to:

if(\Drupal::currentUser()->isAnonymous()) {
    $request = \Drupal::request();
    $session = $request->getSession();
    $session->clear();
    if($session->getId() == '') {
        ini_set('session.gc_maxlifetime','28800');
        $session->start();
    }
}

This seemed to make my problem go away. Not sure if this is the best solution, or a band-aid, but it worked for me.
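
An alternative that also resets the form's data while an admin is logged in, shown as an added example that is not part of the original answer: remove only the application's own session keys instead of clearing the whole session. The key prefix `fu_application.` and the helper `fu_reset_application_session()` are hypothetical names, and the sketch assumes the form stores its data under keys with that prefix.

```php
<?php

use Symfony\Component\HttpFoundation\Session\SessionInterface;

/**
 * Hypothetical prefix under which the application form stores its own data.
 */
const FU_APPLICATION_SESSION_PREFIX = 'fu_application.';

/**
 * Removes only the application form's keys from the session.
 *
 * Drupal 8 keeps the logged-in user's 'uid' as a session attribute, so
 * $session->clear() (like session_unset()) also drops the login. Removing
 * keys by prefix leaves that attribute, and any other module's data, intact.
 *
 * @return string[]
 *   The keys that were removed.
 */
function fu_reset_application_session(SessionInterface $session, $prefix = FU_APPLICATION_SESSION_PREFIX) {
  $removed = [];
  foreach (array_keys($session->all()) as $key) {
    // Match only keys that start with the application's prefix.
    if (strpos($key, $prefix) === 0) {
      $session->remove($key);
      $removed[] = $key;
    }
  }
  return $removed;
}

/**
 * Preprocess function for the application node (name taken from the question).
 */
function fu_preprocess_node__application(&$vars) {
  $request = \Drupal::request();
  // Nothing to reset if no session is attached to this request.
  if (!$request->hasSession()) {
    return;
  }
  fu_reset_application_session($request->getSession());
}
```

With this approach the anonymous check is no longer needed, because an authenticated user's login attribute is never touched.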

Licensed under: CC-BY-SA with attribution
Not affiliated with drupal.stackexchange