Symfony 3.0.2
My configuration (everything else is by default):
session:
handler_id: ~
save_path: "%kernel.root_dir%/../var/sessions/%kernel.environment%"
cookie_httponly: false
safety:
security:
encoders:
XXX\UserBundle\Entity\User:
algorithm: bcrypt
cost: 12
role_hierarchy:
ROLE_USER: ROLE_USER
ROLE_MODERATOR: ROLE_USER
ROLE_ADMIN: ROLE_MODERATOR
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
xx_userbundle:
id: xx.user_provider
firewalls:
public:
pattern: ^/report/(footer|report)
security: false
main:
pattern: ^/
anonymous: ~
guard:
provider: xx_userbundle
authenticators:
- xx.user_authenticator
logout:
path: /auth/logout
remember_me:
name: vsess
secret: "%secret%"
lifetime: 604800 # 1 week in seconds
path: /
remember_me_parameter: remember_me
access_control:
- { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/auth, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, role: ROLE_MODERATOR }
- { path: ^/, role: ROLE_USER }
I use security features that allow auth to use json content from angular.
UserAuthenticatorthe class is by default, except for one onAuthenticationSuccess, which looks like this:
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
$targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');
if (!$targetPath) {
$targetPath = $this->getDefaultSuccessRedirectUrl();
}
$jsonRequest = $request->getContentType() == 'json';
if ($request->isXmlHttpRequest() || $jsonRequest) {
$data = array(
'success' => true,
'redirect' => $targetPath
);
return new JsonResponse($data);
} else {
return new RedirectResponse($targetPath);
}
}
Everything works fine and dandy EXCEPT saves the session to a file, session dir is empty. Although when I check Requestthe session identifier, there is. When I check the login in the profiler, I see the following:
security Guard authenticator set success response.
Context: { "response": "Object(Symfony\\Component\\HttpFoundation\\JsonResponse)", "authenticator": "XXX\\UserBundle\\Security\\UserAuthenticator" }
security Clearing remember-me cookie.
Context: { "name": "vsess" }
security Did not send remember-me cookie.
Context: { "parameter": "remember_me" }
security Remember-me was not requested.
security The "XXX\UserBundle\Security\UserAuthenticator" authenticator set the response. Any later authenticator will not be called
security Stored the security token in the session.
Context: { "key": "_security_main" }
BUT, the set-cookie in the request is empty:
set-cookie vsess=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly
Is there a reason why it doesn't work? Do I have to save the session or cookie myself? I bet there is some kind of problem with the wrong configuration. Thanks in advance.