I'm trying to implement a rather basic login form with Symfony2.3, but I'm running into an error where I'm sometimes redirected to the expected page after providing correct credentials, but sometimes not (instead I'm just redirected back to the login page). Here is my security.yml file:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
Acme\MyBundle\Entity\User: sha512
providers:
main:
id: acme.user.provider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login_firewall:
pattern: ^/login$
security: false
secured_area:
pattern: ^/
form_login: ~
logout:
path: /logout
target: /
access_control:
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/, roles: ROLE_USER, requires_channel: https }
Here is my SecurityController:
<?php
namespace Acme\MyBundle\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\SecurityContextInterface;
/**
* Class SecurityController
* @package Acme\MyBundle\Controller
*
* @Route("/")
*/
class SecurityController extends Controller
{
/**
* @param Request $request
* @return \Symfony\Component\HttpFoundation\Response
*
* @Route("/login", requirements={"_scheme" = "https"}, path="login")
*/
public function LoginAction(Request $request)
{
$session = $request->getSession();
// get the login error if there is one
if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
$error = $request->attributes->get(
SecurityContextInterface::AUTHENTICATION_ERROR
);
} elseif (null !== $session && $session->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
$error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
$session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
} else {
$error = '';
}
// last username entered by the user
$lastUsername = (null === $session) ? '' : $session->get(SecurityContextInterface::LAST_USERNAME);
return $this->render(
'AcmeMyBundle:Security:login.html.twig',
array(
// last username entered by the user
'last_username' => $lastUsername,
'error' => $error,
)
);
}
/**
* @Route("/login_check", requirements={"_scheme" = "https"}, path="login_check")
*/
public function LoginCheckAction()
{
}
/**
* @Route("/logout", requirements={"_scheme" = "https"}, path="logout")
*/
public function LogoutAction()
{
}
}
And here is my bundle's routing.yml file:
_security:
resource: "@AcmeMyBundle/Controller/SecurityController.php"
type: annotation
When I provide the proper credentials, I'm correctly logged in / redirected to the given URL about 20% of the time. The other 80% of the time I'm just redirected back to the form login page with no error message. I also don't see any error message when I try to login with incorrect credentials.
UPDATE: It looks like the issue is that Symfony is creating more than one session in my database on each request. I am using the pdo handler.
