
Feedback on a side-effect with Symfony 2.2, subdomains and sessions

This is a short piece of feedback on the new Symfony 2.2 feature that makes subdomain handling easier. By the way, you can see the official documentation about routing & subdomains here.

Scenario: With the support of subdomains in the Symfony 2.2 routing component, you’re all excited and decide to take advantage of that feature.

Problem 1: Once you’ve opened one or more dedicated routes involving a subdomain, your users keep complaining that your application asks them to re-authenticate although they did it 5 minutes ago. Yeah, that’s right, the session isn’t shared between the main domain and the subdomain.

Cause: You forgot to set the domain of the session cookie to a value that allows the session to be shared with all your subdomains too. By default, cookie_domain takes the current domain from the $_SERVER superglobal (which in most cases will be www.my-domain.com).

Solution: Add “cookie_domain: .my-domain.com” under the session key in your config.yml. Just see the gist below for the example. If you use the “remember_me” feature, don’t forget to change the domain value in security.yml (see the 2nd gist).

Problem 2: Once you’ve deployed the fix on your dev-preprod-prod server (choose the right stage according to whether you like risks or not), you keep trying to log in with your credentials without actually being logged in (and of course, no errors are logged).

Cause: If you open any tool that lets you inspect the cookies stored by a website, you’ll soon figure out that you have 2 “PHPSESSID” cookies with different domain values (one with www.my-domain.com and the other with .my-domain.com).

Solution: Change the name of the session cookie. This prevents the conflict that leads to a silent login failure.
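
A model of the collision behind Problem 2, added here as an example and not taken from the original post: it assumes the browser orders same-path cookies oldest first (RFC 6265) and that the server keeps the first value for a duplicate name, as PHP does for $_COOKIE. The cookie values and the name MYAPPSESSID are constructed.

```javascript
// Added illustration with constructed cookie values; not code from the post.
// RFC 6265 domain matching: a host-only cookie matches only the exact host,
// a Domain cookie matches that domain and every subdomain.
function domainMatches(host, cookie) {
  if (cookie.hostOnly) return host === cookie.domain;
  return host === cookie.domain || host.endsWith('.' + cookie.domain);
}

// Cookie header a browser would send to `host`. All paths are "/" here, so
// RFC 6265 orders the matching cookies by creation time, oldest first.
function cookieHeader(jar, host) {
  return jar
    .filter((c) => domainMatches(host, c))
    .sort((a, b) => a.created - b.created)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Server-side parse in which the first occurrence of a name wins, as PHP
// does when it fills $_COOKIE; later duplicates are silently dropped.
function parseFirstWins(header) {
  const seen = new Map();
  for (const pair of header.split('; ').filter(Boolean)) {
    const i = pair.indexOf('=');
    const name = pair.slice(0, i);
    if (!seen.has(name)) seen.set(name, pair.slice(i + 1));
  }
  return seen;
}

// Session id the application ends up reading for a request to `host`.
function sessionSeenBy(jar, host, cookieName) {
  return parseFirstWins(cookieHeader(jar, host)).get(cookieName);
}

// Set before the fix: default cookie_domain, so host-only on www.
const stale = { name: 'PHPSESSID', value: 'old-anonymous',
  domain: 'www.my-domain.com', hostOnly: true, created: 1 };
// Set at login after the fix: cookie_domain .my-domain.com, same name.
const fresh = { name: 'PHPSESSID', value: 'new-logged-in',
  domain: 'my-domain.com', hostOnly: false, created: 2 };
// Same cookie once the session name is changed (MYAPPSESSID is hypothetical).
const renamed = { ...fresh, name: 'MYAPPSESSID' };

console.log(cookieHeader([stale, fresh], 'www.my-domain.com'));
console.log(sessionSeenBy([stale, fresh], 'www.my-domain.com', 'PHPSESSID'));
console.log(sessionSeenBy([stale, renamed], 'www.my-domain.com', 'MYAPPSESSID'));
```

In this model the stale host-only cookie only shadows the new one on www.my-domain.com; other subdomains receive just the wide-domain cookie, which also means every subdomain now sees the session id.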

There you are, with your subdomain-ready application. Enjoy.

 


5 thoughts on “Feedback on a side-effect with Symfony 2.2, subdomains and sessions”

  1. You should also take advantage of the cookie name change to hide the framework used, and/or put something more fun (like “werecruit” :P).

  2. Tristan BESSOUSSA

    That’s a fun possibility ;-)
    Are you so ashamed of using Symfony that you want to hide it? :p

  3. Hello,

    I wrote a framework based on the optimization needed to generate everything that is static. In particular images and the like, which are located specifically in dedicated directories.

    For example, on http://www.papdevis.fr/ if you look at the source code, everything is based on the host name:
    - language,
    - whether it is static
    - partner.

    In the case of a static resource, for example an image, we have http://fr.s.papdevis.fr/pap-devis.png

    This means “fr” = French language, “s” = static image, and from there it looks for the information in the right directory.

    Do you have an idea of how to simply generate URLs of this type in Symfony?

  4. Tristan BESSOUSSA

    Symfony is a framework, not a language. So it would be “with Symfony” rather than “in Symfony” (purist mode off). As for your problem, I would lean towards writing a GeneratorCustom that extends UrlGenerator. That way you could generate your URLs according to your constraints.

  5. Thanks a lot! We have a headache with sessions on two servers, dev.example.com and prod.example.com. Your article helped a lot!
