Interactive login in Symfony 2.6 looses credentials after redirect

Question

I am new to Symfony so it may well be that my question is the result of a simple error but I have been searching for an answer for quite a while with no success.

I am trying to log in a user that requests for a new password with a temporary token.

The relevant part of my controller is:

// auto log in the user
  $token = new UsernamePasswordToken($user, $user->getPassword(), 'main', $user->getRoles());
  $this->get("security.context")->setToken($token);

  // do the the login event
  $event = new InteractiveLoginEvent($request, $token);
  $this->get("event_dispatcher")->dispatch("security.interactive_login", $event);

  return $this->redirect($this->generateUrl('nononsense_home_homepage'));

If I get the user info with getUser before the redirect I can see that the credentials of the logged user are there but they are lost as soon as the redirect takes place.

Curiously enough if I purposedly include an error in the target page whenever symfony throws the errror I can check theat I am logged with the right credentials in the symfony dev bar!!! But if I correct the error and reload the page again I can see in the dev bar that the user is not authenticated any longer.

Firewall

main:
        pattern: ^/
        provider: main
        form_login:
            check_path: /users/check_user
            login_path: /users/login
            remember_me: true
            default_target_path: /users/login_init
        logout:
            path:   /users/logout
            target: /
        remember_me:
            key: Qn65f7wtgGZKCCzWQZps04AskmNSiZrvl3qVZRCCIp
            lifetime: 31536000
            path: /
            domain: ~
        anonymous: false
        switch_user: true

If you need any other chunk of code just let me know...

Yes I will edit the question to include the firewall settings. — Eduardo Ramos, Feb 16 '15 at 07:38
excuse me, can you post the `access_control` section of the `security.yml` also? The path of the route must be configured with a role — Matteo, Feb 16 '15 at 07:44
The access_control is empty because I want to allow any authenticated user to get in. By the way, when the users authenticate with the login form they have no problem to access the app. — Eduardo Ramos, Feb 16 '15 at 07:48
Try adding this access control rule: `- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }` — Matteo, Feb 16 '15 at 08:00
Last difference with some confs in my projects is that my firewall have `anonymous: ~` instead of your `anonymous: false`. I don't know if this can help... :( — Matteo, Feb 16 '15 at 08:28
I aleady tried that :-( The problem is not an access problem but that the session Token is lost for some unknown reasons to me. Anyhow, thank you very much for your help!! — Eduardo Ramos, Feb 16 '15 at 08:40

score 0 · Accepted Answer · edited May 23 '17 at 10:30

0

I found the correct answer in Automatic post-registration user authentication.

It has taken a while but I moved to different things and I retook the issue again to find that it was answered in this post.

edited May 23 '17 at 10:30

Community

1
1

answered May 12 '16 at 12:07

Eduardo Ramos

416
3
8

Interactive login in Symfony 2.6 looses credentials after redirect

1 Answers1