"A Token was not found in the SecurityContext" on Silex / Symfony

I built a Silex project with a login mechanism.

Not being a Symfony expert, I strictly followed the guidelines here for the authentication process: http://silex.sensiolabs.org/doc/providers/security.html

... and it works fine on my development environment.

However, when I pushed my project to my production server, I get the following error each time I try to log into my web app:

[2012-12-18 16:35:33] CRITICAL: Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException:
A Token was not found in the SecurityContext. (uncaught exception) at
/my/app/path/vendor/symfony/security/Symfony/Component/Security/Http/Firewall/AccessListener.php line 53 [] []

which means that the following code in AccessListener.php

    $this->context->getToken();

throws an exception.

Given the fact that the same code works perfectly fine on my development environment, I assume it has something to do with my production server configuration.

I found this thread http://groups.google.com/forum/#!msg/symfony-devs/jKphNy_0Q2Y/vYfkAuyjSHEJ that suggests adding the following line to my project's .htaccess

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

with no result. I still get the "A Token was not found in the SecurityContext" exception.

Does anybody have an idea?

Edit: The content of $app['security.firewalls'] is the following:

    $app->register(new Silex\Provider\SecurityServiceProvider(), array(
        'security.firewalls' => array(
            'login' => array(
                'pattern' => '^/login$'
            ),
            'admin' => array(
                'pattern' => '^/',
                'form'    => array('login_path' => '/login', 'check_path' => '/admin/login_check'),
                'logout'  => array('logout_path' => '/admin/logout'), // url to call for logging out
                'users'   => array(
                    'admin' => array('ROLE_ADMIN', 'SOMEPASSWORD'),
                ),
            )
        )
    ));

benoit asked Dec 18 '12 15:12

1 Answer

It seems it has nothing to do with HTTP Basic Auth, because you don't use it in any of your firewalls. What you use is a firewall with a form entry point, which then uses the session to store the security token.

I would suggest you look at how sessions (and cookies) are managed on the prod server compared to your dev environment.

Florian Klein answered Sep 21 '22 19:09
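
An added example, not part of the answer above: a diagnostic page that reports PHP session and cookie settings that can stop a form-login token from surviving between requests, to be run on both servers and compared. It assumes PHP 7+ and PHP's native `files` session handler; the function name `diagnoseSessionConfig` is hypothetical.

```php
<?php
// Added diagnostic (not from the original answer). Run on dev and prod, then compare.
// Assumes PHP's native "files" session handler; the function name is hypothetical.

function diagnoseSessionConfig(array $ini, array $server): array
{
    $findings = [];

    // save_path may be "N;MODE;/path"; the directory is the last segment.
    $parts = explode(';', (string) $ini['session.save_path']);
    $dir = end($parts) ?: sys_get_temp_dir();
    if ($ini['session.save_handler'] === 'files' && (!is_dir($dir) || !is_writable($dir))) {
        $findings[] = "session.save_path '$dir' is missing or not writable by the web server user";
    }

    // A Secure cookie is never sent back over plain HTTP, so the token is lost after login.
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    if (filter_var($ini['session.cookie_secure'], FILTER_VALIDATE_BOOLEAN) && !$https) {
        $findings[] = 'session.cookie_secure is on but the request is not HTTPS';
    }

    // Browsers reject a cookie whose Domain does not match the requested host.
    $domain = strtolower(ltrim((string) $ini['session.cookie_domain'], '.'));
    $host = strtolower(explode(':', $server['HTTP_HOST'] ?? '')[0]);
    if ($domain !== '' && $host !== $domain
        && substr($host, -strlen(".$domain")) !== ".$domain") {
        $findings[] = "session.cookie_domain '$domain' does not match host '$host'";
    }

    // The 'admin' firewall pattern is '^/', so a narrower cookie path hides the session.
    if (rtrim((string) $ini['session.cookie_path'], '/') !== '') {
        $findings[] = "session.cookie_path '{$ini['session.cookie_path']}' is narrower than '/'";
    }

    return $findings;
}

$keys = ['session.save_handler', 'session.save_path', 'session.cookie_secure',
         'session.cookie_domain', 'session.cookie_path'];
$ini = array_combine($keys, array_map('ini_get', $keys));
$findings = diagnoseSessionConfig($ini, $_SERVER);
header('Content-Type: text/plain');
echo $findings ? implode("\n", $findings) . "\n" : "No session configuration problems found\n";
```

Request the script through the web server rather than the CLI so that the web server user and its php.ini are the ones tested, and delete it from the server once the two outputs have been compared.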