I am trying to use the Symfony 2 security component, but I have a problem with IE9. It works in any other browser, which I found very odd. Symfony version 2.0.16.
The controller is like 'in the book'. I have a custom template file for the login form; using the one from the documentation doesn't help. I also made custom routing paths, but specified them in the security config file. Here is the security config file. I have changed a little bit in there, but I think it is all in order...

    security:
        encoders:
            Acme\MyBundle\Entity\User:
                algorithm: sha1
                encode_as_base64: true
                iterations: 5
        role_hierarchy:
            ROLE_CLIENT: ROLE_USER
            ROLE_MANAGER: ROLE_USER
            ROLE_ADMIN: [ROLE_USER, ROLE_MANAGER, ROLE_ALLOWED_TO_SWITCH]
        providers:
            main:
                entity: { class: Acme\MyBundle\Entity\User, property: email }
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            dev_custom:
                pattern: ^/createUser
                security: false
            login:
                pattern: ^/(login-custom|remind-pass)$
                security: false
            secured_area:
                pattern: ^/
                form_login:
                    login_path: /login-custom
                    check_path: /login-check-custom
                logout:
                    path: /logout-custom
                    target: /
        access_control:
            - { path: ^/, roles: ROLE_USER }

After submitting the form in IE9 I just get redirected back to the form, without the data being validated. In the log file I found:

    [2012-08-14 02:51:00] security.INFO: Authentication request failed: Your session has timed-out, or you have disabled cookies. [] []
    [2012-08-14 02:51:00] security.DEBUG: Redirecting to /login[] []

Of course I have cookies enabled.
In the IE console there is a warning 'HTML1113 goin to quirks mode'. What have I done wrong?
I've found the answer here: ie complicated subdomain cookie problem
In short: IE silently drops cookies when the subdomain contains an underscore. I thought I had misconfigured the security component or got something wrong with the templates or headers, but that was not the case.
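
A pre-deployment check for the cause described in this answer, as an added example that is not part of the original post: it flags hostnames whose labels contain an underscore or otherwise break the RFC 952/1123 hostname rules, which is the condition under which the answer reports IE dropping the session cookie. The function names and the sample hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# One DNS label under the RFC 952/1123 hostname rules: letters, digits and
# hyphens only, 1-63 characters, no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def host_of(value):
    """Return the lowercase host from a URL or a bare host[:port] string."""
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat the input as a network location
    return (urlsplit(value).hostname or "").lower()


def bad_labels(host):
    """Return the labels of `host` that break the hostname rules."""
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    if not host or len(host) > 253:
        return [host]
    return [label for label in host.split(".") if not LABEL_RE.fullmatch(label)]


def audit(urls):
    """Map each offending host to the list of its invalid labels."""
    report = {}
    for url in urls:
        host = host_of(url)
        problems = bad_labels(host)
        if problems:
            report[host] = problems
    return report


# Constructed sample hosts for a dev setup; none come from the original post.
SAMPLE = [
    "http://my_app.dev.example.test/login-custom",
    "http://my-app.dev.example.test/login-custom",
    "client_1.example.test:8080",
    "https://www.example.test/",
]

if __name__ == "__main__":
    for host, labels in audit(SAMPLE).items():
        print(f"{host}: invalid label(s) {labels}")
```

Run it over the virtual host names of each environment; a host that appears in the report should be renamed (for example with a hyphen) before debugging the firewall or session settings.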
Below is the configuration I set up in a project that worked fine in Chrome/Firefox/Safari in a local environment, but not in Internet Explorer.
Using Fiddler, I could see that Internet Explorer didn't preserve the session cookie in the browser.
In the production environment everything worked fine.
I realized that removing or setting to 0 the values for:

    cookie_lifetime: 86400 # One day, cookie lifetime
    gc_maxlifetime: 1800 # 30 minutes, session lifetime

allowed me to log in, so I set up this conf. for the dev environment.
I have the following configuration in my config.yml:

    framework:
        session:
            handler_id: session.handler.pdo
            name: sessid
            cookie_lifetime: 86400 # One day, cookie lifetime
            gc_maxlifetime: 1800 # 30 minutes, session lifetime
            lifetime: 84600
            gc_probability: 5
            gc_divisor: 100

Where handler_id is set up to manage sessions in a MySQL table.

    my_db_options: # this is a sessions storage table (see the Symfony2 docs for further info)
    pdo.db_options:
        db_table: sessions
        db_id_col: ses_id
        db_data_col: ses_data
        db_time_col: ses_time
        db_lifetime_col: ses_lifetime

services.yml:

    session.handler.pdo:
        class: Symfony\Component\HttpFoundation\Session\Storage\Handler\LegacyPdoSessionHandler # PdoSessionHandler (prior to version 2.6.2)
        arguments: ["@session.database", "%pdo.db_options%"]

Hope this helps or gives you a clue in your Symfony setup.