I'm using Symfony 2.3 and I have a problem on my production server.
It happens (not always) that (I did not understand what opportunities) in the production environment all AJAX requests fail. In prod.log I have:
security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-08-08 16:03:28] security.INFO: No expression found; abstaining from voting. [] []
[2013-08-08 16:03:28] security.DEBUG: Access is denied (user is not fully authenticated) by "/var/www/clients/client1/web1/web/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 73; redirecting to authentication entry point
If I am in prod environment and I refresh the page (after the ajax errors), nothing happens. I'm still logged in. But ajax fails with same errors. If I switch to app_dev.php the errors disappear and AJAX works.
(The ajax routes is under game/* pattern)
Here my config:
jms_security_extra:
secure_all_services: false
expressions: true
security:
encoders:
Gdr\UserBundle\Entity\User: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
database:
entity: { class: GdrUserBundle:User, property: email }
firewalls:
secured_area:
pattern: ^/
form_login:
check_path: /login_check
login_path: /login
success_handler: authentication_handler
logout:
path: /logout
target: /
success_handler: authentication_handler
invalidate_session: true
anonymous: ~
access_control:
- { path: /game/*, roles: ROLE_USER }
- { path: /login/choose-character, roles: ROLE_USER }
- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY}
- { path: /logout, roles: ROLE_USER }
- { path: /admin/*, roles: ROLE_ADMIN }
######Config.yml
framework:
session:
cookie_lifetime: 0
save_path: "%kernel.root_dir%/Sessions/"
cookie_httponly: false
# save_path: ~
Every ajax request that I log with firebug send a 302 header to redirect to login. If I try to access without AJAX to the url, it works. No 302 code.
Any idea?