duancui19840401 2018-04-12 07:57
浏览 68
已采纳

Symfony3在登录时立即丢失用户会话

I moved my Symfony3 app from shared hosting to a new VPS I just set up. When I try to log into the app (using a casual FOSUserBundle form), Symfony does log me in only to disconnect me on next page reload. Which is "instantly" because the first thing a successful login does, is redirect to a page.

What I tried :

  • I disabled redirection, which allows me to see I am connected on the 'login_check' page. I know this as the Symfony Debug Toolbar shows my name. Only not anymore after redirection.
  • I can see there is no PHPSESSID in my cookies anywhere at any time. I think it is the cookie in charge of keeping my Symfony session alive. So...
  • I tried different php scripts to check my VPS config. It does handle cookies and PHP sessions well.
  • I even installed a Wordpress in a subfolder, it handles my session and cookies perfectly.
  • The server folder Symfony uses to store sessions is the same used by Wordpress. And session files do appear on Symfony login attempt. (although sometimes they are just empty files...!?)
  • Upgrading FOSUB and Symfony to latest versions. No changes.

I'm using Symfony 3.4.6 and FOSUB 2.0.0. Any idea?

UPDATE: Security.yml

# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            check_path:     fos_user_security_check
            failure_path:   fos_user_security_login
            login_path: /fr/public/login
            default_target_path: app_homepage
        logout:
            path: fos_user_security_logout
            target: fos_user_security_login
        anonymous:    true


access_control:
    # Allow anonymous logging for these page:
    - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/public/*, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/lab, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/fr/help, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/cron, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Techs pages
    - { path: ^/_console, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_error, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Staff only
    - { path: ^/fr/staff/, role: ROLE_STAFF }
    - { path: ^/fr/staff/*, role: ROLE_STAFF }
    # Admin only
    - { path: ^/fr/admin/, role: ROLE_ADMIN }
    - { path: ^/fr/admin/*, role: ROLE_ADMIN }
    # All other pages need to be logged
    - { path: ^/*, role: [IS_AUTHENTICATED_FULLY,IS_AUTHENTICATED_REMEMBERED] }
  • 写回答

3条回答 默认 最新

  • douna5529 2018-04-23 07:52
    关注

    So, the issue resides both in cookies and SSL. When installing my app on my new server, it took some time to transfer my SSL certificate, so the URL of my site was HTTP and not HTTPS.

    The browser though, kept using a Symfony user session cookie called PHPSESSID that was added with the HTTPS protocol. For an unknown reason, the presence of this obsolete cookie prevented logging, without returning any error.

    Plus I was using Firefox's EditThisCookie plugin which didn't show the presence of the PHPSESSID cookie. Although the browser still considered it.

    So, for anyone experiencing the same (very specific) issue: Find and delete the PHPSESSID cookie that may be hard to find because not exactly under the same protocol. In Firefox: Web-debugger > Storage > Cookies.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 Fluent齿轮搅油
  • ¥15 八爪鱼爬数据为什么自己停了
  • ¥15 交替优化波束形成和ris反射角使保密速率最大化
  • ¥15 树莓派与pix飞控通信
  • ¥15 自动转发微信群信息到另外一个微信群
  • ¥15 outlook无法配置成功
  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素