Why does Symfony2 replace PHPSESSID upon login?

Tags: http, php, symfony

My Symfony2 application replaces my PHPSESSID cookie when it logs me in. Is this expected behavior? It makes no sense to me: why not just keep the same PHPSESSID?

Here's a little more detail.

To log in to my application, I must first make a request to a URL that hits my app:

$ telnet myapp 80
GET / HTTP/1.1
Host: myapp

I'm redirected to another URL (/login) and given a PHPSESSID cookie. Fine. Then I POST to /login_check something like _username=blah&_password=blah, and whether or not I provide proper credentials, I'm sent a different PHPSESSID cookie.

It seems like almost any request works as this first request, but I must make some request first (I can't just POST to /login_check and be logged in). Is this expected behavior?

Not sure if it matters, but I'm using FOSUserBundle.

I guess I should mention that none of this matters until I put my application on two web servers behind a load balancer and tell the load balancer to use stickiness based on PHPSESSID. As you might imagine, the PHPSESSID replacement behavior prevents login from working if a client happens to bounce to the other web server.

Possible duplicate: Symfony2: login does not work on first try after clearing cookies

Adam Monsen asked Jan 17 '23 08:01


2 Answers

It is to prevent session fixation. I would advise another cookie than the session one for load balancing.

Wrikken answered Jan 18 '23 23:01

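The two points in this answer, shown as an added example rather than Symfony or FOSUserBundle code: a small in-memory model of PHP-style server-side sessions with a login handler that either keeps or regenerates the session ID, and a two-node load balancer that pins a client either by hashing PHPSESSID or by a separate SERVERID cookie it inserts itself. The cookie name SERVERID, the backend names, the test account and the "adopt any presented ID" behaviour (PHP with session.use_strict_mode=0) are all constructed assumptions for this example; only the successful-login case regenerates the ID here.

```python
"""Session fixation vs. ID regeneration on login, and stickiness that survives it."""
import hashlib
import secrets

SESSION_COOKIE = "PHPSESSID"
STICKY_COOKIE = "SERVERID"              # assumed name for a balancer-inserted cookie
CREDENTIALS = {"blah": "correct-horse"}  # constructed test account


def new_sid():
    return secrets.token_hex(16)


class Server:
    """One web node with its own, non-shared session store (like PHP file sessions)."""

    def __init__(self, name, regenerate_on_login):
        self.name = name
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}

    def handle(self, path, cookies, form=None):
        """Serve one request; `cookies` is the client's jar, mutated as Set-Cookie would."""
        form = form or {}
        sid = cookies.get(SESSION_COOKIE)
        if sid not in self.sessions:
            # Assumed PHP-like behaviour (use_strict_mode=0): adopt whatever ID the
            # client presents, minting one only if none was sent. This is what lets an
            # attacker plant the ID that the victim will later authenticate.
            sid = sid or new_sid()
            self.sessions[sid] = {}
            cookies[SESSION_COOKIE] = sid
        if path == "/login_check":
            user = form.get("_username")
            if user in CREDENTIALS and secrets.compare_digest(
                    CREDENTIALS[user], str(form.get("_password", ""))):
                if self.regenerate_on_login:
                    # Migrate the data to a fresh ID and retire the old one, so an ID
                    # known to anyone before login is worthless afterwards.
                    data = self.sessions.pop(sid)
                    sid = new_sid()
                    self.sessions[sid] = data
                    cookies[SESSION_COOKIE] = sid
                self.sessions[sid]["user"] = user
        return {"server": self.name, "user": self.sessions[sid].get("user")}


class LoadBalancer:
    """Two-node balancer; `sticky` is the cookie used to pin a client to a node:
    PHPSESSID (hashed to pick a node) or SERVERID (inserted by the balancer)."""

    def __init__(self, servers, sticky):
        self.servers = servers
        self.sticky = sticky
        self.next_rr = 0

    def _pick(self, cookies):
        names = [s.name for s in self.servers]
        if self.sticky == SESSION_COOKIE and SESSION_COOKIE in cookies:
            digest = hashlib.sha256(cookies[SESSION_COOKIE].encode()).digest()
            return digest[0] % len(self.servers)
        if self.sticky == STICKY_COOKIE and cookies.get(STICKY_COOKIE) in names:
            return names.index(cookies[STICKY_COOKIE])
        idx, self.next_rr = self.next_rr, (self.next_rr + 1) % len(self.servers)
        return idx                                   # no pin yet: round robin

    def route(self, path, cookies, form=None):
        node = self.servers[self._pick(cookies)]
        response = node.handle(path, cookies, form)
        if self.sticky == STICKY_COOKIE:
            cookies[STICKY_COOKIE] = node.name       # untouched by any PHPSESSID change
        return response


def fixation_succeeds(regenerate):
    """Attacker obtains a valid SID, plants it in the victim's browser, the victim
    logs in: does the attacker's cookie now read the victim's authenticated session?"""
    server = Server("web1", regenerate)
    attacker = {}
    server.handle("/", attacker)                              # attacker gets a real SID
    victim = {SESSION_COOKIE: attacker[SESSION_COOKIE]}       # planted (XSS, URL, ...)
    server.handle("/login", victim)
    server.handle("/login_check", victim, {"_username": "blah", "_password": "correct-horse"})
    return server.handle("/profile", attacker)["user"] == "blah"


def login_survives_balancer(sticky, trials=400):
    """Fraction of logins still authenticated on the next request behind two nodes
    with non-shared sessions, both regenerating the ID on login."""
    ok = 0
    for _ in range(trials):
        lb = LoadBalancer([Server("web1", True), Server("web2", True)], sticky)
        jar = {}
        lb.route("/login", jar)
        lb.route("/login_check", jar, {"_username": "blah", "_password": "correct-horse"})
        ok += lb.route("/profile", jar)["user"] == "blah"
    return ok / trials


if __name__ == "__main__":
    print("fixation without regeneration:", fixation_succeeds(False))
    print("fixation with regeneration:   ", fixation_succeeds(True))
    print("logins surviving, PHPSESSID stickiness:", login_survives_balancer(SESSION_COOKIE))
    print("logins surviving, SERVERID stickiness: ", login_survives_balancer(STICKY_COOKIE))
```

With PHPSESSID-keyed stickiness the regenerated ID hashes to the other node about half the time, which is exactly the "client happens to bounce" failure in the question; a balancer-owned cookie is not touched by the application's session migration, so every login survives. Sharing the session store between nodes (database, Redis, memcached) is the other way out and removes the need for stickiness altogether.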

This can be a bug. For Symfony 2.0, if you try to read something from the session, or even try to get a session identifier, when SessionListener has not been invoked yet, you will notice that a new session is started with another PHPSESSID.

This can also be related to locale support; here is my issue for this: https://github.com/symfony/symfony/issues/3662

lisachenko answered Jan 18 '23 22:01