I have implemented this tutorial on saving the session into the database, but the problem is that the login didn't work after I applied it to my app. It seems that it didn't get the entity, based on these logs:
[2014-02-26 05:47:10] request.INFO: Matched route "fos_user_security_check" (parameters: "_controller": "FOS\UserBundle\Controller\SecurityController::checkAction", "_route": "fos_user_security_check") [] []
[2014-02-26 05:47:10] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2014-02-26 05:47:10] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2014-02-26 05:47:10] security.INFO: Authentication request failed: Invalid CSRF token. [] []
[2014-02-26 05:47:10] security.DEBUG: Redirecting to /login [] []
as opposed to the default session handler, where it logs in just fine:
[2014-02-26 07:10:07] request.INFO: Matched route "fos_user_security_check" (parameters: "_controller": "FOS\UserBundle\Controller\SecurityController::checkAction", "_route": "fos_user_security_check") [] []
[2014-02-26 07:10:07] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2014-02-26 07:10:07] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2014-02-26 07:10:07] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.first_name AS first_name18, t0.last_name AS last_name19, t0.date_created AS date_created20 FROM Users t0 WHERE t0.username_canonical = ? LIMIT 1 ["rainercedric23"] []
[2014-02-26 07:10:07] security.INFO: User "rainercedric23" has been authenticated successfully [] []
As you can see, the logs show that there's no interaction with Doctrine with the PdoSessionHandler, compared to the default session handler. I also noticed that after the form has been submitted the listener can't get the CSRF token, which makes the authentication request fail.
UPDATE:
These are the logs without the CSRF token. It authenticates the user, but after it leaves the page it writes another session in the database, which makes the next page's user token anonymous again:
[2014-02-26 07:39:59] security.INFO: User "rainercedric23" has been authenticated successfully [] []
[2014-02-26 07:39:59] security.DEBUG: Read SecurityContext from the session [] []
[2014-02-26 07:39:59] security.DEBUG: Reloading user from user provider. [] []
[2014-02-26 07:39:59] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.first_name AS first_name18, t0.last_name AS last_name19, t0.date_created AS date_created20 FROM Users t0 WHERE t0.id = ? LIMIT 1 [7] []
[2014-02-26 07:39:59] security.DEBUG: Username "rainercedric23" was reloaded from user provider. [] []
[2014-02-26 07:40:00] security.DEBUG: Write SecurityContext in the session [] []
[2014-02-26 07:40:00] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2014-02-26 07:40:00] security.DEBUG: Access is denied (user is not fully authenticated)
[2014-02-26 07:40:00] security.DEBUG: Calling Authentication entry point [] []
Any ideas on how to solve it? Thanks!
Authentication request failed: Invalid CSRF token.
Check whether the session was started correctly using $session->isStarted(). Btw, did you clear all caches AND your browser cache? – Nicolai Fröhlich
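An added example, not part of the original question or comment: a small Python triage script that scans Symfony security-channel log lines for the two symptoms shown in the logs above, a rejected CSRF token on login and an anonymous token populated within seconds of a successful login. The function name `triage`, the 5-second window, the finding labels and the sample lines (trimmed from the logs above) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Monolog line shape seen in the logs above: [timestamp] channel.LEVEL: message
LINE = re.compile(r"^\[(?P<ts>[\d\- :]{19})\] (?P<chan>\w+)\.(?P<level>\w+): (?P<msg>.*)$")
AUTH_OK = re.compile(r'User "(?P<user>[^"]+)" has been authenticated successfully')
CSRF_FAIL = "Authentication request failed: Invalid CSRF token"
ANON = "Populated SecurityContext with an anonymous Token"

def triage(lines, window=timedelta(seconds=5)):
    """Return (timestamp, finding, detail) tuples for session-related symptoms."""
    findings, last_ok = [], None  # last_ok = (time, user) of the latest successful login
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m["chan"] != "security":
            continue  # only the security channel carries these messages
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        msg = m["msg"]
        ok = AUTH_OK.search(msg)
        if ok:
            last_ok = (ts, ok["user"])
        elif CSRF_FAIL in msg:
            findings.append((m["ts"], "csrf_rejected", "login form CSRF token rejected"))
        elif ANON in msg and last_ok and ts - last_ok[0] <= window:
            # A fresh login followed almost immediately by an anonymous token
            # means the authenticated session was not read back on the next request.
            findings.append((m["ts"], "session_lost", last_ok[1]))
            last_ok = None
    return findings

# Constructed sample: lines trimmed from the logs quoted in the question.
SAMPLE = """\
[2014-02-26 05:47:10] security.INFO: Authentication request failed: Invalid CSRF token. [] []
[2014-02-26 05:47:10] security.DEBUG: Redirecting to /login [] []
[2014-02-26 07:39:59] security.INFO: User "rainercedric23" has been authenticated successfully [] []
[2014-02-26 07:40:00] security.DEBUG: Write SecurityContext in the session [] []
[2014-02-26 07:40:00] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2014-02-26 07:40:00] security.DEBUG: Access is denied (user is not fully authenticated)
""".splitlines()

if __name__ == "__main__":
    for ts, finding, detail in triage(SAMPLE):
        print(ts, finding, detail)
```

An anonymous token with no recent successful login is normal for an unauthenticated visitor, so it is not reported.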