In order to implement cross application authentication (getting logged in in my Symfony2 app if the user already logged in in an other application), I made a Symfony2 listener class that checks if specific data concerning the user is in the session. This data comes from a non-Symfony2 (but PHP) app.
The problem is that the session data from the other app is not present in the session object I use in my class.
Here is the listener (simplified) class:
<?php
class OldAppAuthenticationListener
{
/** @var \Symfony\Component\Security\Core\SecurityContext */
private $context;
public function __construct(SecurityContext $context)
{
$this->context = $context;
}
public function onKernelRequest(GetResponseEvent $event)
{
if (HttpKernel::MASTER_REQUEST != $event->getRequestType()) {
// don't do anything if it's not the master request
return;
}
if (!$this->context->isGranted('IS_AUTHENTICATED_FULLY')) {
$request = $event->getRequest();
$session = $request->getSession();
$userName = $session->get('nomUtilisateur');
$token = new PreAuthenticatedToken($userName, null, 'secured_area', array('ROLE_USER'));
$session->set('_security_secured_area', serialize($token));
}
}
}
It is registered in services.yml like this:
services:
my_app.listener.old_app_authentication:
class: Acme\MyAppBundle\Listener\MyAppAuthenticationListener
arguments: ["@security.context"]
tags:
- { name: kernel.event_listener, event: kernel.request }
But the $session->get('nomUtilisateur') always returns NULL (and $session->all() and $_SESSION only return some Symfony2 specific vars) although the other app stores all this data in the session.
Of course, I use the same cookie session domain for both apps (as configured in config.yml) and I can easily check that the PHPSESSID is the same.
So here is my question: why are the old app session variables not available and how can I get them from my listener class?
As stated here, Symfony2 uses session bags to store session stuff. This means that you have to directly access the
$_SESSIONsuperglobal for such a functionality.