Home/ Questions/Q 8578219
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T20:20:13+00:00

i would like to start the session when the login executed not before. I

  • 0

i would like to start the session when the login executed not before.

I found out, that teh csrf token starts a session too when i’m using it in my forms.

Now i disabled the csrf token but the system starts also a session.

Which parts of symfony2 are creating the session too?

How can i detect the correct party in my application with xdebug?
I put the breakpoint in the Session.class but xdebug never stops on this point.

Thank you very much.

I’m using symfony 2.0.

This is my config.yml part

session:
    default_locale: %locale%
    lifetime: %session_lifetime%        
    path: /
    domain: %session_authdomain%            
    name: sid
    auto_start: false

This is my security.yml

security:
encoders:        
    Danke\ForumBundle\Entity\Forumuser: sha512
    Danke\ForumBundle\Entity\Admin: sha512

role_hierarchy:
    ROLE_MODERATOR: [ROLE_MANAGE_DEAL, ROLE_MANAGE_COMMENT]
    ROLE_ADMIN: [ROLE_MODERATOR, ROLE_MANAGE_CATEGORY, ROLE_MANAGE_AFFILIATELINK, ROLE_MANAGE_FORUMUSER, ROLE_MANAGE_BADLINK, ROLE_MANAGE_BADWORD]
    ROLE_SUPERADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH,  ROLE_MANAGE_EXCLUSIVEDEAL, ROLE_MANAGE_ADMIN]

providers:
    forumuser:
        providers: u_email, u_username
    u_email:
      entity: { class: Danke\ForumBundle\Entity\Forumuser, property: email }
    u_username:
      entity: { class: Danke\ForumBundle\Entity\Forumuser, property: username }
    admin:
        providers: a_email, a_username
    a_email:
      entity: { class: Danke\ForumBundle\Entity\Admin, property: email }
    a_username:
      entity: { class: Danke\ForumBundle\Entity\Admin, property: username }


firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    admin:
      # since anonymous is allowed users will not be forced to login
      pattern:   /admin/
      form_login:
        provider: admin
        login_path:  /admin
        check_path:  /admin/login
        always_use_default_target_path: true
        default_target_path: /admin/deal
      anonymous: false
      logout:
            path:   /admin/logout
            target: /admin

    public:
      # since anonymous is allowed users will not be forced to login
      pattern:   ^/.*          
      form_login:
        provider: forumuser
        login_path:  /login
        check_path:  /login_check/form
        #default_target_path: has to be declard in AuthenticationHandler
        success_handler: danke.forum.listener.authenticationhandler
        failure_handler: danke.forum.listener.authenticationhandler
      anonymous: true
      logout: true

access_control:
  //some access Control pages
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In your public firewall, disable anonymous authentication cause it needs session to identify non-logged user.

    You can replace by :

    firewalls:
    public:
      # since anonymous is allowed users will not be forced to login
      pattern:   ^/.*   
      security: false
    • 0