1

I am trying to use Symfony 2 security component, but I have a problem with IE9. It works in any other browser, which I found very odd. Symfony version 2.0.16.

Controller is like 'in the book'. I have a custom template file for the login form, using the one from documentation doesn't help. Also made custom routing paths, but specified them in seciurity config file. Here is the security config file, I have changed a little bit in there, but I think it is all in order...

security:
    encoders:
        Acme\MyBundle\Entity\User:
            algorithm:        sha1
            encode_as_base64: true
            iterations:       5

    role_hierarchy:
        ROLE_CLIENT: ROLE_USER
        ROLE_MANAGER: ROLE_USER
        ROLE_ADMIN: [ROLE_USER, ROLE_MANAGER, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity: { class: Acme\MyBundle\Entity\User, property: email }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        dev_custom:
            pattern:  ^/createUser
            security: false
        login:
            pattern:  ^/(login-custom|remind-pass)$
            security: false
        secured_area:
            pattern:    ^/
            form_login:
                login_path: /login-custom
                check_path: /login-check-custom
            logout:
                path:   /logout-custom
                target: /

    access_control:
        - { path: ^/, roles: ROLE_USER }

After submitting form in IE9 I just get redirected back to the form, without validating data. In logfile I found:

[2012-08-14 02:51:00] security.INFO: Authentication request failed: Your session has timed-out, or you have disabled cookies. [] [] [2012-08-14 02:51:00] security.DEBUG: Redirecting to /login[] []

Ofcourse I have cookies enabled.

In ie console there is a warning 'HTML1113 goin to quirks mode'. What have I done wrong?

Luigi
  • 866
  • 13
  • 34

2 Answers2

0

I've found the answer here: ie complicated subdomain cookie problem

In short: ie silently drops cookies, when subdomain contains 'undesrcore'. I thought I misconfigured the security component or got something wrong with templates or headers, but that was not the case.

Community
  • 1
  • 1
Luigi
  • 866
  • 13
  • 34
0

Below is the configuration I set up in a project that worked fine in Chrome/Firefox/Safari in a local environment, but not in Internet Explorer.

I could see using fiddler that Internet Explorer didn't preserve the session cookie in the browser.

In production environment worked everything fine.

I realized that removing or setting to 0 the values for:

cookie_lifetime: 86400 # One day, cookie lifetime

gc_maxlifetime: 1800 # 30 minutes, session lifetime

Allowed to log in, so I set up this conf. for the dev environment.

I have the following configuration in my config.yml

framework:
    session:
        handler_id: session.handler.pdo
        name: sessid
        **cookie_lifetime: 86400 # One day, cookie lifetime
        gc_maxlifetime: 1800 # 30 minutes, session lifetime**
        lifetime: 84600
        gc_probability: 5
        gc_divisor: 100

Where handler_id is setup to manage sessions in mysql table. my_db_options: #this is a sessions storage table (see symfony2 doc for further info)

pdo.db_options:
    db_table:    sessions
    db_id_col:   ses_id
    db_data_col: ses_data
    db_time_col: ses_time
    db_lifetime_col: ses_lifetime

services.yml

session.handler.pdo:
    class:     Symfony\Component\HttpFoundation\Session\Storage\Handler\LegacyPdoSessionHandler #PdoSessionHandler (prev to versión 2.6.2)
    arguments: ["@session.database", "%pdo.db_options%"]

Hope this helps or give you a clue in your symfony setup.

Samuel Vicent
  • 991
  • 10
  • 16