duancui19840401 2018-04-12 07:57
浏览 68
已采纳

Symfony3在登录时立即丢失用户会话

I moved my Symfony3 app from shared hosting to a new VPS I just set up. When I try to log into the app (using a casual FOSUserBundle form), Symfony does log me in only to disconnect me on next page reload. Which is "instantly" because the first thing a successful login does, is redirect to a page.

What I tried :

  • I disabled redirection, which allows me to see I am connected on the 'login_check' page. I know this as the Symfony Debug Toolbar shows my name. Only not anymore after redirection.
  • I can see there is no PHPSESSID in my cookies anywhere at any time. I think it is the cookie in charge of keeping my Symfony session alive. So...
  • I tried different php scripts to check my VPS config. It does handle cookies and PHP sessions well.
  • I even installed a Wordpress in a subfolder, it handles my session and cookies perfectly.
  • The server folder Symfony uses to store sessions is the same used by Wordpress. And session files do appear on Symfony login attempt. (although sometimes they are just empty files...!?)
  • Upgrading FOSUB and Symfony to latest versions. No changes.

I'm using Symfony 3.4.6 and FOSUB 2.0.0. Any idea?

UPDATE: Security.yml

# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            check_path:     fos_user_security_check
            failure_path:   fos_user_security_login
            login_path: /fr/public/login
            default_target_path: app_homepage
        logout:
            path: fos_user_security_logout
            target: fos_user_security_login
        anonymous:    true


access_control:
    # Allow anonymous logging for these page:
    - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/public/*, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/lab, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/help, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/cron, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Techs pages
    - { path: ^/_console, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_error, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Staff only
    - { path: ^/fr/staff/, role: ROLE_STAFF }
    - { path: ^/fr/staff/*, role: ROLE_STAFF }
    # Admin only
    - { path: ^/fr/admin/, role: ROLE_ADMIN }
    - { path: ^/fr/admin/*, role: ROLE_ADMIN }
    # All other pages need to be logged
    - { path: ^/*, role: [IS_AUTHENTICATED_FULLY,IS_AUTHENTICATED_REMEMBERED] }
  • 写回答

3条回答 默认 最新

  • douna5529 2018-04-23 07:52
    关注

    So, the issue resides both in cookies and SSL. When installing my app on my new server, it took some time to transfer my SSL certificate, so the URL of my site was HTTP and not HTTPS.

    The browser though, kept using a Symfony user session cookie called PHPSESSID that was added with the HTTPS protocol. For an unknown reason, the presence of this obsolete cookie prevented logging, without returning any error.

    Plus I was using Firefox's EditThisCookie plugin which didn't show the presence of the PHPSESSID cookie. Although the browser still considered it.

    So, for anyone experiencing the same (very specific) issue: Find and delete the PHPSESSID cookie that may be hard to find because not exactly under the same protocol. In Firefox: Web-debugger > Storage > Cookies.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 yolov9的训练时间
  • ¥15 二叉树遍历没有报错但无法正常运行
  • ¥15 在linux系统下vscode运行robocup3d上场球员报错
  • ¥15 Python语言实验
  • ¥15 SAP HANA SQL 增加合计行
  • ¥20 用C#语言解决一个英文打字练习器,有偿
  • ¥15 srs-sip外部服务 webrtc支持H265格式
  • ¥15 在使用abaqus软件中,继承到assembly里的surfaces怎么使用python批量调动
  • ¥15 大一C语言期末考试,求帮助🙏🙏
  • ¥15 ch340驱动未分配COM