Symfony2 Guard不保存会话

时间:2016-03-02 02:27:03

标签: php angularjs symfony session

Symfony 3.0.2

我的配置(其他一切都接近默认值):

session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
    save_path:   "%kernel.root_dir%/../var/sessions/%kernel.environment%"
    cookie_httponly: false

安全性:

security:
    encoders:
        XXX\UserBundle\Entity\User:
            algorithm: bcrypt
            cost: 12

    role_hierarchy:
        ROLE_USER:          ROLE_USER
        ROLE_MODERATOR:     ROLE_USER
        ROLE_ADMIN:         ROLE_MODERATOR
        ROLE_SUPER_ADMIN:   ROLE_ADMIN

    providers:
        xx_userbundle:
            id: xx.user_provider

    firewalls:
        public:
            pattern: ^/report/(footer|report)
            security: false

        main:
            pattern: ^/
            anonymous: ~

            guard:
                provider: xx_userbundle
                authenticators:
                    - xx.user_authenticator

            logout:
                path: /auth/logout

            remember_me:
                name: vsess
                secret: "%secret%"
                lifetime: 604800 # 1 week in seconds
                path: /
                remember_me_parameter: remember_me

    access_control:
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/auth, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_MODERATOR }
        - { path: ^/, role: ROLE_USER }

我正在使用防护功能来允许使用角度的json内容进行身份验证。 UserAuthenticator类接近默认值,唯一的例外是onAuthenticationSuccess,如下所示:

public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
    $targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');

    if (!$targetPath) {
        $targetPath = $this->getDefaultSuccessRedirectUrl();
    }
    $jsonRequest = $request->getContentType() == 'json';

    if ($request->isXmlHttpRequest() || $jsonRequest) {
        $data = array(
            'success' => true,
            'redirect' => $targetPath
        );

        return new JsonResponse($data);
    } else {
        return new RedirectResponse($targetPath);
    }
}

一切正常并且花花公子除了将会话保存到文件,会话目录为空。虽然当我检查Request会话ID时。当我在profiler中检查登录路线时,我看到了:

security    Guard authenticator set success response.
Context: { "response": "Object(Symfony\\Component\\HttpFoundation\\JsonResponse)", "authenticator": "XXX\\UserBundle\\Security\\UserAuthenticator" }
security    Clearing remember-me cookie.
Context: { "name": "vsess" }
security    Did not send remember-me cookie.
Context: { "parameter": "remember_me" }
security    Remember-me was not requested.
security    The "XXX\UserBundle\Security\UserAuthenticator" authenticator set the response. Any later authenticator will not be called
security    Stored the security token in the session.
Context: { "key": "_security_main" }

但请求中的set-cookie为空:

set-cookie  vsess=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly

有什么理由不工作吗?我应该自己保存会话或cookie吗?我打赌存在某种错误配置问题。提前谢谢。

0 个答案:

没有答案
相关问题
最新问题