Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is there a way to stop Symfony2 sending session cookies for certain paths?

Tags:

php

session-cookies

symfony

I'm implementing a web service as part of a Symfony2 site that will be accessed using JSONp and iframes from another (static) site. When a user logs in using an iFrame, Safari doesn't keep the session, so I store the session ID in the cookies of the static site using javascript, and pass it back in the GET or POST parameters of requests, which is working fine.

The problem is that on other browsers, the session cookie for the web service is being retained, which means that when the user logs out, they are in fact still logged in to the Symfony site.

Is there a way to, for the web service part of the symfony site only, disable PHP session cookies, preferably in a Symfony2 friendly way (as opposed to, for example, messing with .htaccess)?

I still want a session, but will maintain it by passing a PHPSESSID variable myself in all the requests I make.

like image 455
rjmunro Avatar asked Apr 27 '12 15:04

rjmunro

People also ask

What is Symfony session in PHP?

Symfony sessions are designed to replace several native PHP functions. Applications should avoid using session_start (), session_regenerate_id () , session_id (), session_name (), and session_destroy () and instead use the APIs in the following section.

What is the use of session bag in Symfony?

To help overcome this, Symfony uses session bags linked to the session to encapsulate a specific dataset of attributes or flash messages. This approach also mitigates namespace pollution within the $_SESSION super-global because each bag stores all its data under a unique namespace.

What are session cookies and how do they work?

And each session cookie has a unique session ID. A website uses this ID to authenticate the user and establish a trusted connection. For example, to log in to Facebook, you need to enter your username and password. Next, a session is created with a unique ID. Any requests you make to the Facebook website will be authenticated with this ID.

What is the purpose of the attributebaginterface in Symfony?

This is called internally by Symfony session storage classes to link bag data to the session. Returns the name of the session bag. Clears out data from the bag. The purpose of the bags implementing the AttributeBagInterface is to handle session attribute storage.

1 Answers

This might just be the thing you're looking for. Have stateless firewalls:

In your security.yml

# app/config/security.yml
security:
    firewalls:
        main:
            stateless:  true
like image 164
Reza S Avatar answered Nov 10 '22 06:11

Reza S
Sign in to Comment

Related questions

What Are the Reflection Classes in php? [duplicate]
How to efficiently monitor a directory for changes on linux?
Generating WSDL with NuSOAP - return struct with various types (int, string, array of structs)
How to load MVC views into main template file
How to generate a unique url for images (imgur.com like) in php? [duplicate]
Connect to Sharepoint Database through PHP
What do PHP closures return in IF statements?
Extract X number of words surrounding a given search string within a string
How to SELECT DEFAULT value of a field
Special characters in REST request
How to check a domain age using php
Make sure exactly one boolean of a given list is true?
How to add uncovered files to PHPUnit code coverage report of the Yii application
update time of each record in MongoDB
Zend Framework - plugin by name was not found in registry
Real SQL syntax highlighting in PHP scripts with Vim
Why is mcrypt_encrypt() putting binary characters at the end of my string?
Escape Regex Newline
Fetch range from days
How to decode/inflate a chunked gzip string?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!