Losing authenticated token in symfony

php session authentication token symfony-2.3
user2551667 picture user2551667 · Jul 4, 2013 · Viewed 8k times · Source

I have a problem with authenticating in symfony. Login_check authenticates user in database but after redirection to /dashboard which should be for authenticated user only, it seems that symfony is losing my token with user and role, replace it with anonymous one and redirects me to login page again.

It seems that my session token isn't refreshed some way after redirection.

security.yml

security:
    encoders:
        Rebound\Core\DataBundle\Entity\User: 
            algorithm: sha512
            encode_as_base64: false
            iterations: 10
    providers:
        database:
            entity: 
                class: ReboundDataBundle:User
                property: email
    role_hierarchy:
            ROLE_SUPER_USER: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
            ROLE_TEAM_MEMBER: [ROLE_SUPER_USER, ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
            ROLE_OWNER: [ROLE_TEAM_MEMBER, ROLE_SUPER_USER, ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
            anonymous: true
        secured_area:
            pattern:    ^/
            anonymous:  ~
            form_login:
                login_path:  /login
                check_path:  /login_check
                always_use_default_target_path: true
                default_target_path: /dashboard
                username_parameter: login_form[email]
                password_parameter: login_form[password]
            logout:
                path:   /logout
                target: /
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/dashboard, roles: ROLE_USER }

this is the part of log generated by POST with user/password

[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2013-07-04 20:07:54] request.INFO: Matched route "rebound_logic_login_check" (parameters: "_route": "rebound_logic_login_check") [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2013-07-04 20:07:54] doctrine.DEBUG: SELECT t0.id AS id1, t0.name AS name2, t0.email AS email3, t0.password AS password4, t0.salt AS salt5, t0.image_file_name AS image_file_name6, t0.position AS position7, t0.timezone_id AS timezone_id8, t0.timezone_id AS timezone_id9 FROM user t0 WHERE t0.email = ? LIMIT 1 ["[email protected]"] []
[2013-07-04 20:07:54] doctrine.DEBUG: SELECT t0.id AS id1, t0.name AS name2, t0.alias AS alias3 FROM role t0 INNER JOIN user_role ON t0.id = user_role.role_id WHERE user_role.user_id = ? [1] []
[2013-07-04 20:07:54] security.INFO: User "[email protected]" has been authenticated successfully [] []
[2013-07-04 20:07:54] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2013-07-04 20:07:54] event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request". [] []
[2013-07-04 20:07:54] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2013-07-04 20:07:54] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2013-07-04 20:07:54] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2013-07-04 20:07:54] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2013-07-04 20:07:55] request.INFO: Matched route "_wdt" (parameters: "_controller": "web_profiler.controller.profiler:toolbarAction", "token": "147cfa", "_route": "_wdt") [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.controller" to listener "Symfony\Bundle\FrameworkBundle\DataCollector\RouterDataCollector::onKernelController". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.controller" to listener "Symfony\Component\HttpKernel\DataCollector\RequestDataCollector::onKernelController". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ControllerListener::onKernelController". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ParamConverterListener::onKernelController". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\TemplateListener::onKernelController". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2013-07-04 20:07:55] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []

This is the part of log generated while trying to access /dashboard

[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2013-07-04 20:08:53] request.INFO: Matched route "rebound_logic_dashboard" (parameters: "_controller": "Rebound\Core\LogicBundle\Controller\DashboardController::indexAction", "_route": "rebound_logic_dashboard") [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2013-07-04 20:08:53] security.DEBUG: Read SecurityContext from the session [] []
[2013-07-04 20:08:53] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2013-07-04 20:08:53] security.DEBUG: Access is denied (user is not fully authenticated) by "F:\Programs\wamp\www\rebound\vendor\symfony\symfony\src\Symfony\Component\Security\Http\Firewall\AccessListener.php" at line 73; redirecting to authentication entry point [] []
[2013-07-04 20:08:53] security.DEBUG: Calling Authentication entry point [] []
[2013-07-04 20:08:53] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException" stopped propagation of the event "kernel.exception". [] []
[2013-07-04 20:08:53] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelException" was not called for event "kernel.exception". [] []
[2013-07-04 20:08:53] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ExceptionListener::onKernelException" was not called for event "kernel.exception". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2013-07-04 20:08:53] security.DEBUG: Write SecurityContext in the session [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2013-07-04 20:08:53] request.INFO: Matched route "_wdt" (parameters: "_controller": "web_profiler.controller.profiler:toolbarAction", "token": "b10b3b", "_route": "_wdt") [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.controller" to listener "Symfony\Bundle\FrameworkBundle\DataCollector\RouterDataCollector::onKernelController". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.controller" to listener "Symfony\Component\HttpKernel\DataCollector\RequestDataCollector::onKernelController". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ControllerListener::onKernelController". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ParamConverterListener::onKernelController". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\TemplateListener::onKernelController". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2013-07-04 20:08:53] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []

Please help, i just spent about 10 hours trying to solve this problem :/

Answer

dirkaholic picture dirkaholic · Jul 18, 2013

As described here https://github.com/FriendsOfSymfony/FOSUserBundle/issues/689 this problem sometimes occurs when changing security settings. So probably just deleting the cookies for your site could work.

But it could also be caused by other problems regarding the session. I just experienced it while I configured sessions to be stored in memcache but memcached was not running.

Related questions

PHP Sessions across sub domains

I am trying to set up the following: auth.example.com sub1.example.com sub2.example.com If the user visits sub1.example.com or sub2.example.com and they are not logged in, they get redirected over to auth.…

Read More
file_get_contents from url that is only accessible after log-in to website

I would like to make a php script that can capture a page from a website. Think file_get_contents($url). However, this website requires that you fill in a username/password log-in form before you can access any page. …

Read More
How do I expire a PHP session after 30 minutes?

I need to keep a session alive for 30 minutes and then destroy it.

Read More