
I really did my best trying to resolve this issue, to no avail. All the similar questions on SO don't seem easy for me to understand. The user gets logged out after one page refresh, sometimes after two... there is no logic in this behaviour.

I am not familiar with log files; it is the first time I am reading them, and I hope I am giving you the appropriate lines among the hundreds. By the way, these lines are about some internal Symfony stuff that I still don't get:

[2015-10-18 20:48:18] request.INFO: Matched route "user_admin_page" (parameters:"_controller": "Members\Bundle\ManagementBundle\Controller\AdminController::indexAction", "_route": "user_admin_page") [] []

.......

[2015-10-18 20:48:18] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []

[2015-10-18 20:48:19] security.INFO: Populated SecurityContext with an anonymous Token [] []

[2015-10-18 20:48:19] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []

[2015-10-18 20:48:19] security.DEBUG: Access is denied (user is not fully authenticated) by "C:\xampp\htdocs\community\vendor\symfony\symfony\src\Symfony\Component\Security\Http\Firewall\AccessListener.php" at line 70; redirecting to authentication entry point [] []

[2015-10-18 20:48:19] security.DEBUG: Calling Authentication entry point [] []

[2015-10-18 20:48:19] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException" stopped propagation of the event "kernel.exception". [] []

......

[2015-10-18 20:48:19] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []

[2015-10-18 20:48:19] security.DEBUG: Write SecurityContext in the session [] []

Your help is much appreciated.

There is no code shown to support any educated guess but I suspect you forgot to session_start() on every page load... It's not enough to call session_start and set a session variable when your user logs in. To refer to that session variable in future pages you first need to start the session again on each page. Better say on each php file loaded. - Julio Soares
@JulioSoares, thank you for your feedback. I agree that I didn't give enough details (code). Well, I don't remember having used session_start() anywhere; I only configured some security in security.yml, and did the minimal configuration of FOSUserBundle. In my small understanding, I was abstracted from such raw basic functions! - Adib Aroui
@JulioSoares, I did more research based on your hint. Here is the point: Symfony uses a component (the HttpFoundation component) which includes a subsystem for session management. The aim of this subsystem is to never use the native session_ PHP functions but to replace them with similar, enhanced ones. That's why I didn't recognize it when you mentioned it yesterday. The other thing regarding my issue is the line: security.INFO: Populated SecurityContext with an anonymous Token. When I googled these keywords, I found many related posts on SO which hopefully will help. I'll be back - Adib Aroui
Sorry whiteletters, my bad. I did not pay attention to the content of the logs yesterday and I just assumed you were handling the session yourself. I apologise. - Julio Soares
@JulioSoares, no problem sir. :-) I, too, was providing a very long log. I just edited it right now to contain only the necessary parts. Good day. - Adib Aroui

1 Answer


Thank you everybody for giving time to this issue. Apparently, here is the cause and possible solution:

In my website, I used Ratchet, which is a PHP library that provides real-time connections over websockets. To attach a web session to a websocket connection I used the Ratchet Session Provider:

The SessionProvider will attach a Symfony2 Session object to each incoming Connection object that will give you read-only access to the session data from your website. The SessionProvider will not work with any of the Native* session handlers. It is suggested you choose one of the following Symfony Custom Save Handlers:

  • MemcacheSessionHandler
  • MemcachedSessionHandler
  • PdoSessionHandler
  • (in development) RedisSessionHandler

I used the PdoSessionHandler, which brought a change in my configuration from:

framework:
    ...
    session:
      handler_id: ~

to:

framework:
    ...
    session:
      handler_id: session.handler.pdo # old configuration that caused the

Switching back to the old situation removes the issue. Possible solutions then:

  • Use another approach for storing session data.
  • Upgrade from Symfony 2.3 to Symfony 2.6; according to the docs, many enhancements were added to PdoSessionHandler which require additional changes in code.
  • Keep the same code, upgrade Symfony2 but change the handler name to LegacyPdoSessionHandler.

Further details:

http://symfony.com/doc/current/cookbook/doctrine/pdo_session_storage.html
http://socketo.me/docs/sessions

Other solutions that I don't see due to my limited knowledge are welcome.
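
An added example, not part of the original answer and not code from Symfony or Ratchet: one way to check from the logs whether a session handler change stopped the logouts. It scans Monolog entries like those in the question and reports requests that were sent to the authentication entry point as anonymous on a route an earlier request had reached. The function names and the sample log are constructed for illustration, and since these log lines carry no session id the match is per route, not per user.

```python
import re

# Monolog entries look like: [timestamp] channel.LEVEL: message [] []
STAMP = r"\[\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\] "
ENTRY = re.compile(r"\[([^\]]+)\] (\w+)\.[A-Z]+: (.*)", re.S)
ROUTE = re.compile(r'Matched route "([^"]+)"')
ANON = "Populated SecurityContext with an anonymous Token"
DENIED = "Access is denied (user is not fully authenticated)"

def entries(text):
    """Yield (timestamp, channel, message); also splits entries pasted onto one line."""
    for chunk in re.split("(?=" + STAMP + ")", text):
        m = ENTRY.match(chunk.strip())
        if m:
            yield m.groups()

def requests(text):
    """Group entries into requests; each begins at a 'Matched route' entry."""
    current = None
    for ts, channel, msg in entries(text):
        route = ROUTE.search(msg) if channel == "request" else None
        if route:
            if current:
                yield current
            current = {"ts": ts, "route": route.group(1), "anon": False, "denied": False}
        elif current and channel == "security":
            current["anon"] |= ANON in msg
            current["denied"] |= DENIED in msg
    if current:
        yield current

def dropped_sessions(text):
    """Anonymous, denied requests on a route an earlier request reached undenied."""
    reached, hits = set(), []
    for r in requests(text):
        if r["anon"] and r["denied"]:
            if r["route"] in reached:
                hits.append((r["ts"], r["route"]))
        else:
            reached.add(r["route"])
    return hits

# Constructed sample (not the asker's real log); two entries share a line on purpose.
SAMPLE = """[2015-10-18 20:47:02] request.INFO: Matched route "user_admin_page" (parameters: ...) [] []
[2015-10-18 20:48:18] request.INFO: Matched route "user_admin_page" (parameters: ...) [] []
[2015-10-18 20:48:19] security.INFO: Populated SecurityContext with an anonymous Token [] [] [2015-10-18 20:48:19] security.DEBUG: Access is denied (user is not fully authenticated) by "AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2015-10-18 20:48:19] request.INFO: Matched route "fos_user_security_login" (parameters: ...) [] []
[2015-10-18 20:48:19] security.INFO: Populated SecurityContext with an anonymous Token [] []"""

print(dropped_sessions(SAMPLE))
```

An anonymous token on the login route alone is not reported, and neither is a first visit that is denied before any request reached the route.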