Ask your Symfony questions! Pay money and get answers fast! (more info)

Why would a session cookie not get set? Symfony


I am working on a cranky 1.0 Symfony site. I am trying to install the sfGuardUser plugin. In this file:


The code gets to the line where the user is successfully signed in:

public function execute(&$value, &$error)
$password_field = $this->getParameterHolder()->get('password_field');
$password = $this->getContext()->getRequest()->getParameter($password_field);

$remember = false;
$remember_field = $this->getParameterHolder()->get('remember_field');
$remember = $this->getContext()->getRequest()->getParameter($remember_field);

$username = $value;

$user = sfGuardUserPeer::retrieveByUsername($username);

// user exists?
if ($user)
// password is ok?
if ($user->checkPassword($password))
$this->getContext()->getUser()->signIn($user, $remember);
$_SESSION['login_error'] = "We found your user account but your password was wrong.";
return true;
} else {
$_SESSION['login_error'] = "We found your user account but your password was wrong.";
} else {
$_SESSION['login_error'] = "We were unable to find a user account with that name.";
$error = $this->getParameterHolder()->get('username_error');

return false;

I added the $_SESSION messages to be sure the user was getting to this line:

$this->getContext()->getUser()->signIn($user, $remember);

However, no cookie is ever set, so the user is instantly logged out as soon as they go to a new page.

But cookies can work - I have enabled the Remember Me filter:

class: sfGuardBasicSecurityFilter

This does set a cookie.

Why would the main cookie not be set? Or maybe set but then unset?

Answers (2)


michalg answers:

Are you sure you don't have any problem with browser? If you have firefox you can install firebug and firecookie and look if cookies are set - maybe cookies are set, but there is some problem with session?

Maybe authentication is toggled of somewhere?

Look at sfBasicSecurityUser.class.php

167 /**
168 * Sets authentication for user.
169 *
170 * @param boolean
171 */
172 public function setAuthenticated($authenticated)
173 {
174 if (sfConfig::get('sf_logging_enabled'))
175 {
176 $this->getContext()->getLogger()->info('{sfUser} user is '.($authenticated === true ? '' : 'not ').'authenticated');
177 }
179 if ($authenticated === true)
180 {
181 $this->authenticated = true;
182 }
183 else
184 {
185 $this->authenticated = false;
186 $this->clearCredentials();
187 }
188 }

You could debug this function (throw exception if $authenticated is set to false). Actually it should be logged, so you can also look at logs.

You could also try debuging sfSessionStorage::initialize (session should be started there) and ::write (check if authenticated is saved)

marshall comments:

In sfSessionStorage::initialize, I echo the variables:

public function initialize($context, $parameters = null)
// initialize parent
parent::initialize($context, $parameters);

// set session name
$sessionName = $this->getParameterHolder()->get('session_name', 'symfony');

echo "the session name: ";
echo $sessionName;

I get:

the session name: msc_cookie

marshall comments:

$use_cookies = (boolean) ini_get('session.use_cookies');

echo "Use cookies: ";
echo $use_cookies;

get me:

Use cookies: 1

marshall comments:


gets me:

Array ( [lifetime] => 0 [path] => / [domain] => [secure] => [httponly] => )

michalg comments:

What about debugging write method?

echo $key;

After successful login <strong>symfony/user/sfUser/authenticated</strong> should be set to true.

marshall comments:


echo "auto start: ";
echo $this->getParameter('auto_start');

if ($this->getParameter('auto_start', true))

echo "start our session";
// start our session

gets nothing:

auto start:

assuming some previous programmer turned this off, where is this set?

michalg comments:

First, try commenting this if with auto_start parameter - let's make sure that problem lays here.

marshall comments:

I see, factories.yml. thanks!

michalg comments:

Look at config/factories.yml, search for sfSessionStorage or auto_start


Bill Hunt answers:

There are a bunch of things that could be going on here. I'd try a couple of trivial tests to make sure that Sessions are being written at all - just create a page that has:

print $_SESSION['counter']++;

and reload a few times to see if anything happens. If that's not working, check the file system to make sure that the session directory (often it's /tmp/) is writeable by the webserver.

If that's working fine, you might make sure that you're not redirecting and leaving the session open - any header('Location: ... calls should be proceeded by a session_write_close() call just to be safe. Also, if session_autostart isn't enabled, you'll have to make sure that session_start() is called on each page you want to use it on. Last, make sure that nothing else is hijacking the session or using a new session name, which will remove anything in your previous session.