This is a small feedback regarding the new Symfony 2.2 feature which makes the subdomains handling easier. By the way you can see the official documentation about routing & subdomains here.
Scenario: With the support of subdomains in the Symfony 2.2 routing component, you’re all excited and decide to take advantage of that feature.
Problem 1: Once you’ve opened one or more dedicated routes involving a subdomain, your users keep complaining about your application asking them to re-auth although they did it 5 minutes ago. Yeah, that’s right, the session isn’t shared across main domain and the subdomain.
Cause: You forgot to set the path of the session cookie to a value that allows session sharing for all your subdomains too. By default, the value of cookie_domain takes the current domain from $_SERVER superglobal (which will in most case will output www.my-domain.com).
Solution : Add to your config.yml under the session key “cookie_domain : .my-domain.com”. Just see the gist below for the example. If you use the “remember_me” feature, don’t forget to change the domain value of security.yml (see the 2nd gist).
Problem 2: Once you’ve deployed the fix on your dev-preprod-prod server (choose the right stage according whether you like risks or not), you keep trying to login with your credentials without being actually logged in (and of course, no errors are logged).
Cause: If you open any tool which let us visualize the cookies stored by a website, you’ll figure out soon that you have 2 cookies “PHPSESSID” with differents values in the domain (one with www.my-domain.com and the other with .my-domain.com).
Solution: Change the name of the session cookie. It will prevent conflicts which will lead to a silent login failure.
There you are, with your subdomain ready application. Enjoy.
You should also take advantage of the cookie name change to hide the framework used, and/or put something more fun (like “werecruit”
).
That’s a fun possibility
Are you ashamed of using Symfony that you want to hide it ? :p