douyin8809
2017-10-30 14:15 阅读 52
已采纳

在Symfony应用程序之间共享会话

I have an old Symfony 2.4 app (with php 5) and a standard security (form_login firewall & role based authorization). Let's call it app1.

Now I'm creating a new Symfony 3.3 app (php 7) that I'd like to use keeping sessions so users can switch from one to an other seamlessly. Let's call it app2. The users' authentication and storage would still be managed by app1.

These apps are hosted on the same domain, different subdomains. I managed to share the app1 session files into app2 (with Docker volumes).

Here is the session configuration of both apps:

framework:
    session:
        handler_id: session.handler.native_file
        save_path: '%kernel.root_dir%/../var/sessions/%kernel.environment%'
        cookie_domain: myapp.dev

So when I'm logged into app1 I'm expecting to be considered logged into app2 as well.
I'm seeing app2 sending the right cookie but it crashes saying :

Warning: Class __PHP_Incomplete_Class has no unserializer

It is actually trying to unserialize app1's user from the session but does not have the related User implementation in app2.

How can app2 know that I'm logged in app1 ?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dtqie02844 dtqie02844 2017-10-30 16:26

    Obviously you can't share session files without sharing the classes, which is hardly an option considering a gap between versions.

    In general case you would need to use one of single sign on systems - OAuth2, OpenId, etc. e.g. https://github.com/FriendsOfSymfony/FOSOAuthServerBundle

    Alternatively you can do it manually, which will require a bit more coding, but can be tailored to your needs and potentially smaller operational costs. In this case your app1 should provide an API to return user info by sessionId, and app2 should implement custom authentication to query this API. The API should not be exposed, and be available only to the app2 container.

    点赞 评论 复制链接分享

相关推荐