My symfony application (3.4.8) seems to ignore any attempts to prolong the session. What would be the best course of action to troubleshoot this issue? The documentation is very vague.
app/config/security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
providers:
fos_userbundle:
id: fos_user.user_provider.username
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
default_target_path: /
logout: true
anonymous: true
remember_me:
secret: '%secret%'
lifetime: 28000
path: /
access_denied_handler: app.security.access_denied_handler
config.yml
framework:
lock: 'semaphore'
#esi: ~
#translator: { fallbacks: ["%locale%"] }
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
#serializer: { enable_annotations: true }
templating:
engines: ['twig']
default_locale: "%locale%"
trusted_hosts: ~
trusted_proxies: ~
session:
handler_id: session.handler.native_file
save_path: "/tmp"
cookie_lifetime: 28800
fragments: ~
http_method_override: true
assets: ~
Maybe if you try this in your config:
session:
cookie_lifetime: 18000
gc_maxlifetime: 18000
Hope it helps !
Judging by this:
handler_id: session.handler.native_file
you're using a native session handler. From Symfony documentation:
So-called native handlers, are save handlers which are either compiled into PHP or provided by PHP extensions, such as PHP-Sqlite, PHP-Memcached and so on.
All native save handlers are internal to PHP and as such, have no public facing API. They must be configured by php.ini directives, usually session.save_path and potentially other driver specific directives.
Inspecting the NativeFileSessionHandler I've found no methods relating to session duration. That leads me to the conclusion that you have to set the duration on the PHP level, not on the Symfony level.
So, try setting the session.gc-maxlifetime (in your php.ini or calling ini_set) to 3600.
your setting will log out if you are inactive for more than 30 minutes.
You can add following in your yml file
#app/config/config.yml
session:
cookie_lifetime: 86400
gc_maxlifetime: 1800
gc_probability: 1
gc_divisor: 1
Related
My session for Symfony is being placed into the database as intended, however the issue is that the session lifetime is only 24 minutes. I'm attempting to increase this but it doesn't seem to be working.
My framework.yaml file:
session:
enabled: true
handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler
cookie_secure: 'auto'
cookie_samesite: 'lax'
cookie_lifetime: 604800
My services.yaml file:
services:
Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
arguments:
- '%env(DATABASE_URL)%'
My security.yaml file:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
login_throttling:
limiter: app.custom.limiter
lazy: true
provider: app_user_provider
# https://symfony.com/doc/current/security/impersonating_user.html
switch_user: true
guard:
authenticators:
- App\Security\LoginFormAuthenticator
logout:
path: logout
# where to redirect after logout
# target: app_any_route
remember_me:
secret: ‘%kernel.secret%’
lifetime: 604800 # 1 week in seconds
What am I doing wrong here?
The default gc_maxlifetime in PHP is 1440 which explains the 24 minutes.
So update your session.gc_maxlifetime value.
With Symfony 3.3.16, my users are disconnected in 5/6 minutes. I don't understand.
This problem is only in production (OVH), not in dev.
session.gc_maxlifetime : 1440
security.yml :
security:
encoders:
AppBundle\Entity\User: bcrypt
providers:
database_users:
entity:
class: AppBundle\Entity\User
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
anonymous: true
simple_form:
username_parameter: _email
authenticator: AppBundle\Security\Authenticator
check_path: login
login_path: login
success_handler: AppBundle\Handler\AuthenticationSuccessHandler
logout:
path: logout
handlers: [AppBundle\Handler\LogoutHandler]
success_handler: AppBundle\Handler\LogoutSuccessHandler
access_control:
- { path: '^/administration', roles: ROLE_ADMIN }
- { path: '^/user', roles: ROLE_USER }
Can you help me ?
In the symfony configuration reference, you can configure the session lifetime setting:
cookie_lifetime
This determines the lifetime of the session - in seconds. The default
value - null - means that the session.cookie_lifetime value from
php.ini will be used. Setting this value to 0 means the cookie is
valid for the length of the browser session.
gc_maxlifetime
This determines the number of seconds after which data will be seen as "garbage" and potentially cleaned up. Garbage collection may occur during session start and depends on gc_divisor and gc_probability.
Check their value in the config.yml and config_prod.yml
I understand you have already checked the the value of the php.ini value session.gc_maxlifetime
Hi!
I am becoming mad with the following error, found into the prod log, with Facebook Login, by HWIOAuthBundle. I have never encountered this bug on our localhosts. It occurred (and continues to occur) several times on prod, sporadically. I tried to set verify_peer to false inside config.yml, put off ipv6 on the nginx server, etc. Nothing had solved this problem.
Here is the exact error :
[2017-09-05 17:48:16] request.CRITICAL: Uncaught PHP Exception
HWI\Bundle\OAuthBundle\OAuth\Exception\HttpTransportException:
"Error while sending HTTP request" at
/home/keywinf/htdocs/www/vendor/hwi/oauth-bundle/OAuth/ResourceOwner/AbstractResourceOwner.php line 255
{"exception":"[object] (HWI\\Bundle\\OAuthBundle\\OAuth\\Exception\\HttpTransportException(code: 28):
Error while sending HTTP request at /home/keywinf/htdocs/www/vendor/hwi/oauth-bundle/OAuth/ResourceOwner/AbstractResourceOwner.php:255, Buzz\\Exception\\RequestException(code: 28):
Connection timed out after 60000 milliseconds at /home/keywinf/htdocs/www/vendor/kriswallsmith/buzz/lib/Buzz/Client/Curl.php:29)"} []
config.yml
hwi_oauth:
firewall_names: [main]
use_referer: true
fosub:
username_iterations: 30
properties:
facebook: facebookId
resource_owners:
facebook:
type: facebook
client_id: "%facebook_id%"
client_secret: "%facebook_secret%"
infos_url: 'https://graph.facebook.com/me?fields=id,name,first_name,last_name,picture.type(large),email,gender,birthday,location,age_range'
scope: "email,user_friends"
http_client:
timeout: 60
security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api:
pattern: ^/api/[a-z0-9](-[a-z0-9])+/
stateless: true
simple_preauth:
authenticator: api_key_authenticator
provider: api
main:
pattern: ^/
anonymous: true
provider: main
switch_user: true
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
success_handler: acme.security.authentication_handler
failure_handler: acme.security.authentication_handler
always_use_default_target_path: false
default_target_path: /
oauth:
resource_owners:
facebook: /login/check-facebook
login_path: /login
failure_path: /login
success_handler: acme.security.authentication_handler
always_use_default_target_path: false
default_target_path: /
oauth_user_provider:
service: dm.user_provider
logout:
path: fos_user_security_logout
target: /
remember_me:
secret: %secret%
If one knows what could be causing it.. Thank you very much
Ok, I got it, for anyone who have been encountering the same storm.
Be careful with ipv6 stuff on your server. PHP curl was trying to do its job through it, but the server was not ipv6-ready, and it eventually found it more cool to step back to ipv4 (but after a long time). My solution was to activate ipv6 completely (DNS, conf, etc.). You've plenty of useful (and short) examples for it on the web.
Have fun!
I'm using ESI (Edge Side Includes) to speed up my page but every time that I want to check if the user is loged in or not I get this error:
AuthenticationCredentialsNotFoundException: The security context contains no authentication token. One possible reason may be that
there is no firewall configured for this URL.
In my config.yml file I have this:
**esi: true<br>
fragments: { path: /_proxy }<br>
trusted_proxies: [127.0.0.1]**
Does someone knows how to solve it? I already tried to set a firewall for the /_proxy urls but I think that this is not the solution.
These are my firewalls:
main:
pattern: ^/
form_login:
check_path: /user/login_check
login_path: /user/login
provider: chain_provider
failure_path: null
logout:
path: /user/logout
target: /
success_handler: logout_success_handler
invalidate_session: true
anonymous: ~
security: true
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
Thanks
I tried to update my vendor bundles in symfony2 using php composer.phar update, but when I did so I received an error after this line:
Updating the "app/config/parameters.yml" file
The error I get is:
[Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
The child node "key" at path "security.firewalls.main.remember_me" must be configured.
Script Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::clearCache handling the post-update-cmd event terminated with an exception
[RuntimeException]
An error occurred when executing the "'cache:clear --no-warmup'" command.
My security.yml file has the following in its firewall section:
firewalls:
main:
pattern: ^/
provider: fos_userbundle
form_login:
csrf_provider: form.csrf_provider
always_use_default_target_path: false
default_target_path: webplio_site_dashboard_index
#success_handler: webplio_site.login_success_handler
check_path: /login_check
login_path: /login
logout: true
remember_me: true
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
where secret is defined in my parameters.yml file
My question then is what else do I need to do in order to configure the child node "key" at path "security.firewalls.main.remember_me"?
You need to change from
remember_me:
key: "%secret%"
to
remember_me:
secret: "%secret%"
Move your remember_me: true to
form_login:
...
remember_me: true
Check the security-reference as to see why.
Change key to secret and it works