I am running a Symfony 2.8
based webpage which uses the FOSUserBundle
. When the user switches from the public part of the webpage to the private part by logging in, the session is invalided (PHPSESSID
changes). Thus after logging in it it not possible any more to access the session which was used on the public part.
In the Symfony
docs I found information about the invalidate_session
in the logout config.
While it makes sense to clean the session data when logging out, I do not understand what's the reason to the same when logging in.
Question 1:
Is there an option to prevent Symfony
from invalidating the session when logging in?
Even if there an option to change this behavior I would preferr to keep it this way (to prevent any unforeseen side effects). This brings us to the second question:
Question 2: Is there any event or other way that can be used to access the public session before it gets invalidated during the login process?
The Firewall.php
uses an onKernelRequest
handler with priority 8 to run its authentication methods. Thus I tried to use my on own onKernelRequest
handler with a higher priority to access the session first, but this did not work out. I get only access to the new session.
How to solve this?