logo
Ask your Symfony questions! Pay money and get answers fast! (more info)

Warning: Please do not give out any FTP or ssh credentials to anyone, unless you trust them completely. Giving out login details is dangerous.

If the asker does not get an answer then they have 10 days to request a refund.

$4
Why would a session cookie not get set?

I am working on a cranky 1.0 Symfony site. I am trying to install the sfGuardUser plugin. In this file:

lib/validator/sfGuardUserValidator.class.php

The code gets to the line where the user is successfully signed in:

  public function execute(&$value, &$error)
{
$password_field = $this->getParameterHolder()->get('password_field');
$password = $this->getContext()->getRequest()->getParameter($password_field);

$remember = false;
$remember_field = $this->getParameterHolder()->get('remember_field');
$remember = $this->getContext()->getRequest()->getParameter($remember_field);

$username = $value;

$user = sfGuardUserPeer::retrieveByUsername($username);

// user exists?
if ($user)
{
// password is ok?
if ($user->checkPassword($password))
{
$this->getContext()->getUser()->signIn($user, $remember);
$_SESSION['login_error'] = "We found your user account but your password was wrong.";
return true;
} else {
$_SESSION['login_error'] = "We found your user account but your password was wrong.";
}
} else {
$_SESSION['login_error'] = "We were unable to find a user account with that name.";
}
$error = $this->getParameterHolder()->get('username_error');

return false;
}



I added the $_SESSION messages to be sure the user was getting to this line:

$this->getContext()->getUser()->signIn($user, $remember);


However, no cookie is ever set, so the user is instantly logged out as soon as they go to a new page.

But cookies can work - I have enabled the Remember Me filter:

security:
class: sfGuardBasicSecurityFilter


This does set a cookie.

Why would the main cookie not be set? Or maybe set but then unset?

This question has been answered.

marshall | 05/11/10 at 12:02pm Edit


(10) Responses

See a threaded view of answers?

Warning: Please do not give out any FTP or ssh credentials to anyone, unless you trust them completely. Giving out login details is dangerous.

  • avatar
    Last edited:
    05/11/10
    12:55pm
    michalg says:

    Are you sure you don't have any problem with browser? If you have firefox you can install firebug and firecookie and look if cookies are set - maybe cookies are set, but there is some problem with session?

    Maybe authentication is toggled of somewhere?

    Look at sfBasicSecurityUser.class.php


    167 /**
    168 * Sets authentication for user.
    169 *
    170 * @param boolean
    171 */
    172 public function setAuthenticated($authenticated)
    173 {
    174 if (sfConfig::get('sf_logging_enabled'))
    175 {
    176 $this->getContext()->getLogger()->info('{sfUser} user is '.($authenticated === true ? '' : 'not ').'authenticated');
    177 }
    178
    179 if ($authenticated === true)
    180 {
    181 $this->authenticated = true;
    182 }
    183 else
    184 {
    185 $this->authenticated = false;
    186 $this->clearCredentials();
    187 }
    188 }


    You could debug this function (throw exception if $authenticated is set to false). Actually it should be logged, so you can also look at logs.

    You could also try debuging sfSessionStorage::initialize (session should be started there) and ::write (check if authenticated is saved)

    Previous versions of this answer: 05/11/10 at 12:35pm

  • avatar
    Last edited:
    05/11/10
    2:17pm
    Bill Hunt says:

    There are a bunch of things that could be going on here. I'd try a couple of trivial tests to make sure that Sessions are being written at all - just create a page that has:

    print $_SESSION['counter']++;


    and reload a few times to see if anything happens. If that's not working, check the file system to make sure that the session directory (often it's /tmp/) is writeable by the webserver.

    If that's working fine, you might make sure that you're not redirecting and leaving the session open - any header('Location: ... calls should be proceeded by a session_write_close() call just to be safe. Also, if session_autostart isn't enabled, you'll have to make sure that session_start() is called on each page you want to use it on. Last, make sure that nothing else is hijacking the session or using a new session name, which will remove anything in your previous session.

  • avatar
    Last edited:
    05/11/10
    12:39pm
    marshall says:

    In sfSessionStorage::initialize, I echo the variables:


    public function initialize($context, $parameters = null)
    {
    // initialize parent
    parent::initialize($context, $parameters);

    // set session name
    $sessionName = $this->getParameterHolder()->get('session_name', 'symfony');

    echo "the session name: ";
    echo $sessionName;


    I get:

    the session name: msc_cookie

  • avatar
    Last edited:
    05/11/10
    12:41pm
    marshall says:

     
    $use_cookies = (boolean) ini_get('session.use_cookies');

    echo "Use cookies: ";
    echo $use_cookies;


    get me:

    Use cookies: 1

  • avatar
    Last edited:
    05/11/10
    12:43pm
    marshall says:

    print_r($cookieDefaults);


    gets me:

    Array ( [lifetime] => 0 [path] => / [domain] => [secure] => [httponly] => )

  • avatar
    Last edited:
    05/11/10
    12:44pm
    michalg says:

    What about debugging write method?


    echo $key;
    var_export($data);


    After successful login symfony/user/sfUser/authenticated should be set to true.

  • avatar
    Last edited:
    05/11/10
    12:47pm
    marshall says:

    huh.


    echo "auto start: ";
    echo $this->getParameter('auto_start');

    if ($this->getParameter('auto_start', true))
    {

    echo "start our session";
    // start our session
    session_start();
    }
    }



    gets nothing:

    auto start: 


    assuming some previous programmer turned this off, where is this set?

  • avatar
    Last edited:
    05/11/10
    12:50pm
    michalg says:

    First, try commenting this if with auto_start parameter - let's make sure that problem lays here.

  • avatar
    Last edited:
    05/11/10
    12:54pm
    marshall says:

    I see, factories.yml. thanks!

  • avatar
    Last edited:
    05/11/10
    12:55pm
    michalg says:

    Look at config/factories.yml, search for sfSessionStorage or auto_start

This question has expired.





Current status of this question: Completed



Warning: Please do not give out any FTP or ssh credentials to anyone, unless you trust them completely. Giving out login details is dangerous.

If the asker does not get an answer then they have 10 days to request a refund.