I'm about to be crazy with an error in Symfony2.4 login with UsernamePasswordToken...
I have on my site to autologin users with their URL and a Hash of their user. The Action is very simple, and the only think that I do (after some checks) is:
$token = new UsernamePasswordToken($user, $user->getPassword(), 'secured_area', $user->getRoles());
$this->get('security.context')->setToken($token);
With this, in some cases it works (when I try it always works...) but in some cases doesn't works... The log in this cases says:
[2014-10-30 15:47:25] request.INFO: Matched route "_my_route" (parameters: "_controller": "MyController", "url": "my-url", "hash": "2f5fccc7b5fc2d41bbc3e1e469655f24f540e383", "_route": "_my_route") [] []
[2014-10-30 15:47:25] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2014-10-30 15:47:25] security.DEBUG: Write SecurityContext in the session [] []
[2014-10-30 15:47:25] request.CRITICAL: Uncaught PHP Exception RuntimeException: "Failed to start the session because headers have already been sent by "/route/app/bootstrap.php.cache" at line 1365." at /route/app/cache/prod/classes.php line 119 {"exception":"[object] (RuntimeException: Failed to start the session because headers have already been sent by \"/route/app/bootstrap.php.cache\" at line 1365. at /route/app/cache/prod/classes.php:119)"} []
[2014-10-30 15:47:25] security.DEBUG: Write SecurityContext in the session [] []
Why headers have already sent? Why only in some cases? Somebody knows frequently cases when it happens?
I tried a lot of things: check that no characters printed before this, change firewalls in security.yml, put sessions in disk file, ...
I think that all is OK.
My User Entity:
class MyUser implements UserInterface, \Serializable
{
...
/**
* Serializes the user.
*
* The serialized data have to contain the fields used byt the equals method.
*
* @return string
*/
public function serialize()
{
return serialize(array(
$this->id,
$this->password,
$this->email
));
}
/**
* Unserializes the user.
*
* @param string $serialized The serialized string
*
* @return void
*/
public function unserialize($serialized)
{
list(
$this->id,
$this->password,
$this->email
) = unserialize($serialized);
}
...
Security.yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
MyProject\PublicBundle\Entity\MyUser:
algorithm: sha1
iterations: 1
encode_as_base64: false
role_hierarchy:
ROLE_USER: ROLE_PENDING
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
main:
entity: { class: MyProject\PublicBundle\Entity\MyUser, property: email }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/
anonymous: ~
form_login:
login_path: /login
check_path: /login_check
failure_path: /login
username_parameter: email
password_parameter: password
default_target_path: /login-redirect
logout:
path: /logout
target: /
remember_me:
key: "aSecretKey"
lifetime: 321408000
path: /
domain: %domain%
config.yml (session section was added after first errors)
framework:
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
templating:
engines: ['twig']
default_locale: "%locale%"
trusted_hosts: ~
trusted_proxies: ~
session:
handler_id: session.handler.native_file
save_path: "%kernel.root_dir%/sessions"
fragments: ~
http_method_override: true
