I moved my Symfony3 app from shared hosting to a new VPS I just set up. When I try to log into the app (using a casual FOSUserBundle form), Symfony does log me in, only to disconnect me on the next page reload, which is "instantly" because the first thing a successful login does is redirect to a page.
What I tried:
- I disabled redirection, which allows me to see I am connected on the 'login_check' page. I know this as the Symfony Debug Toolbar shows my name. Only not anymore after redirection.
- I can see there is no PHPSESSID in my cookies anywhere at any time. I think it is the cookie in charge of keeping my Symfony session alive. So...
- I tried different php scripts to check my VPS config. It does handle cookies and PHP sessions well.
- I even installed WordPress in a subfolder, and it handles my session and cookies perfectly.
- The server folder Symfony uses to store sessions is the same one used by WordPress. And session files do appear on a Symfony login attempt (although sometimes they are just empty files...!?).
- Upgrading FOSUB and Symfony to latest versions. No changes.
I'm using Symfony 3.4.6 and FOSUB 2.0.0. Any idea?
UPDATE: Security.yml
```yaml
# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            check_path: fos_user_security_check
            failure_path: fos_user_security_login
            login_path: /fr/public/login
            default_target_path: app_homepage
        logout:
            path: fos_user_security_logout
            target: fos_user_security_login
        anonymous: true
access_control:
    # Allow anonymous logging for these page:
    - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/public/*, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/lab, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/help, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/cron, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Techs pages
    - { path: ^/_console, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_error, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Staff only
    - { path: ^/fr/staff/, role: ROLE_STAFF }
    - { path: ^/fr/staff/*, role: ROLE_STAFF }
    # Admin only
    - { path: ^/fr/admin/, role: ROLE_ADMIN }
    - { path: ^/fr/admin/*, role: ROLE_ADMIN }
    # All other pages need to be logged
    - { path: ^/*, role: [IS_AUTHENTICATED_FULLY,IS_AUTHENTICATED_REMEMBERED] }
```