My Symfony2 application replaces my PHPSESSID cookie when it logs me in. Is this expected behavior? It makes no sense to me… why not just keep the same PHPSESSID?
Here’s a little more detail.
To log in to my application, I must first make a request to a URL that hits my app:
$ telnet myapp 80
GET / HTTP/1.1
Host: myapp
I’m redirected to another URL (/login) and given a PHPSESSID cookie. Fine. Then I POST to /login_check something like _username=blah&_password=blah, and whether or not I provide proper credentials, I’m sent a different PHPSESSID cookie.
Seems like most anything works for this first request, but I must make some request (I can’t just POST to /login_check and be logged in). Is this expected behavior?
Not sure if it matters, but I’m using FOSUserBundle.
I guess I should mention that none of this matters until I put my application on two webservers behind a load balancer, and tell the load balancer to use stickiness based on PHPSESSID. As you might imagine, the PHPSESSID replacement behavior prevents login from working if a client happens to bounce to the other webserver.
Possible duplicate: Symfony2: login does not work on first try after clearing cookies
It is to prevent session fixation. I would advise another cookie than the session one for load balancing.
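As an added example (not code from the question, from Symfony, or from FOSUserBundle), here is a small Python simulation of the two behaviours the answer contrasts: rotating the session ID on every login attempt versus keeping the pre-login ID, plus a balancer that sticks on a cookie separate from the session ID. The in-memory store, the user table (the question's `blah`/`blah`), the `SERVERID` cookie name and the choice of `backends[0]` for a fresh client are all assumptions made for the illustration; real deployments also need a shared or replicated session store, which this toy `SessionStore` stands in for.

```python
"""Session-ID regeneration on login vs. keeping the pre-login ID (added example)."""
import secrets

USERS = {"blah": "blah"}   # constructed credentials for the demo


class SessionStore:
    """Server-side session storage keyed by session ID (think PHPSESSID)."""

    def __init__(self):
        self.sessions = {}

    def start(self):
        sid = secrets.token_hex(16)          # 128-bit random ID, like PHP's default
        self.sessions[sid] = {}
        return sid

    def data(self, sid):
        return self.sessions.get(sid)        # None if the ID is unknown/invalidated

    def migrate(self, old_sid):
        """Move the session's data to a fresh ID and invalidate the old one."""
        data = self.sessions.pop(old_sid, {})
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = data
        return new_sid


def login_check(store, sid, username, password, regenerate=True):
    """Handle POST /login_check; returns the session ID the client must use next.

    regenerate=True mirrors what the question observes: the ID changes whether
    or not the credentials were right.  regenerate=False keeps the pre-login ID,
    which is what the asker expected and what session fixation relies on.
    """
    if store.data(sid) is None:              # no prior GET: nothing to authenticate
        sid = store.start()
    ok = USERS.get(username) == password
    if regenerate:
        sid = store.migrate(sid)             # old ID stops working from here on
    if ok:
        store.data(sid)["user"] = username
    return sid


def is_authenticated(store, sid):
    d = store.data(sid)
    return d is not None and "user" in d


def fixation_attack(regenerate):
    """Attacker gets an ID from /login, plants it in the victim's browser, victim logs in.
    Returns True if the attacker's planted ID now carries the victim's login."""
    store = SessionStore()
    planted = store.start()                  # attacker's own pre-login PHPSESSID
    # The victim's browser has been made to send `planted` (cookie injection, crafted URL,
    # etc.); the victim then logs in with it.
    login_check(store, planted, "blah", "blah", regenerate=regenerate)
    return is_authenticated(store, planted)  # attacker retries the ID they know


def pick_backend(cookies, backends, sticky_cookie="SERVERID"):
    """Balancer decision based on a dedicated cookie, not on PHPSESSID.
    Returns (backend, Set-Cookie value or None)."""
    chosen = cookies.get(sticky_cookie)
    if chosen in backends:
        return chosen, None
    chosen = backends[0]                     # assumption: fresh clients land on the first node
    return chosen, f"{sticky_cookie}={chosen}"


def login_flow(backends):
    """GET / then POST /login_check through the balancer; returns the backends hit
    and the final session ID.  PHPSESSID changes between the two requests, but the
    SERVERID cookie does not, so both requests reach the same node."""
    store = SessionStore()
    cookies = {}
    first, set_cookie = pick_backend(cookies, backends)       # request 1: GET /
    if set_cookie:
        name, value = set_cookie.split("=", 1)
        cookies[name] = value
    cookies["PHPSESSID"] = store.start()                      # redirected to /login
    second, _ = pick_backend(cookies, backends)               # request 2: POST /login_check
    cookies["PHPSESSID"] = login_check(store, cookies["PHPSESSID"], "blah", "blah")
    return first, second, cookies["PHPSESSID"]


if __name__ == "__main__":
    print("fixation succeeds with regeneration:", fixation_attack(regenerate=True))
    print("fixation succeeds without regeneration:", fixation_attack(regenerate=False))
    print("backends used across login:", login_flow(["web1", "web2"])[:2])
```

Sticking on `SERVERID` only solves routing; if each web server keeps sessions locally, the rotated ID still only exists on the node that issued it, so a shared session backend is needed as well.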