Home/ Questions/Q 3791278
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T12:26:42+00:00

I want to share a single authentificaition method for to Symfony websites sharing the

  • 0

I want to share a single authentificaition method for to Symfony websites sharing the same top-domain.
I use a cookie valid on all subdomains and sfPDOSessionStorage for keeping session data.

factories.yml is set up like this on both projects: 

all:
  storage:
    class: sfPDOSessionStorage
    param:
      database: doctrine
      db_table: sessions
      session_name: myauth
      db_id_col: id
      db_data_col: sess_data
      db_time_col: time
      session_cookie_domain: ".mydomain.net"
      session_cookie_lifetime: 86400
      session_cookie_path: /

On my development machine and on my co-workers’s machine this mechanism is working fine but on the server it does not (I’m asked for credentials when I switch sub-domains). The only difference I see between the two environments is the format in which the data is stored, the data seems to be encrypted on the prod server but appears in clear text on my machine. There’s no sensitive data here so I can post an example :

Dev environment sess_data:

symfony/user/sfUser/lastRequest|i:1295349567;symfony/user/sfUser/authenticated|b:0;symfony/user/sfUser/credentials|a:0:{}symfony/user/sfUser/attributes|a:1:{s:30:"symfony/user/sfUser/attributes";a:1:{s:7:"referer";s:0:"";}}symfony/user/sfUser/culture|s:2:"fr";

Production server sess_data:

BB7HBTsQg75NNGvb9Z8sexldqbS79YzDgrztQzSFhsUpEk2EeCOtKw8FQbm31vLIRyr3ZP_klwZFXywnkdem27naIWjIVBP_WwpwNRg4IMj1J0fIfxJN_UOw2RbCWh91L5ryCD_7_ynN2UtxfuJwUWnxoGuUvqD8YQxNdczQipmktPVFk1mVfKE1-BsrdHHLIXH_gi44-Bos3f-EshE5skuQpachnY1FkgvvvOuXEj7zxPflgA3xtGoqJxkDijT-uKnQCH4TrimhvkIRGCt0oVuOdsAJzuWW6ijgPCD3X767mSIzm_lQmJoSGxDB7fAgFihB7Ljoq0tsysC62BqTYFB6dTnuZoj3KON8lXlyNJZVyLgTWZ3EYoObtc8jCKYNDonSjEqzTvwg4NJRVoB5ePx61iTqbDd9qFlkryzj9J8.

I haven’t got a clue which encryption type is used to store information in the database, nor am I sure that this is the root of my problems but as this is the only difference I can spot, I don’t see any other explanation. (PHP and MySQL versions are identical, with Ubuntu 10.10 on my side and Debian Squeeze server-side).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think there’s some module installed on your production server responsible for encrypting the session’s data.

    For example, suhosin patch adds such a feature to PHP: http://www.hardened-php.net/suhosin/configuration.html

    It’s activated by suhosin.session.encrypt configuration option in php.ini.

    • 0