0

Can someone tell me why symfony is not reading the right PHPSESSID but rather read some of it (example below), I'm using LEXIK for authentication and FOSRestBundle for API. Below is the security configuration (I think this is it). Which is causing the problems but I'm not sure,

enter image description here

I send the phpsessid right

enter image description here

Security config

security:
    providers:
        in_memory:
            memory: ~
        user_provider:
             id: app.user_provider

    firewalls:

        login:
            pattern:  ^/api/login
            stateless: false
            anonymous: true

        api:
            pattern:   ^/api
            provider: user_provider
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

Update 1

After losing the session my userprovider can not verify the user and so it gives this error

enter image description here Thank you

user26776
  • 131
  • 3
  • 12

1 Answers1

1

If it's JWT authentication you are talking about, it's a token based authentication so doesn't use PHPSESSID.

It passes a token with every request which is validated on the server for authentication.

REST works like HTTP which is stateless, so no session for your REST clients on the server.

Abhinav Kumar
  • 72
  • 5
  • I use a session to authenticate the user through a user provide that I created – user26776 Nov 21 '16 at 10:19
  • REST is stateless, so no session while making a REST request. What you need to do is read the JWT and authenticate your users. The LexikJWTBundle has good support for this. – Abhinav Kumar Nov 22 '16 at 06:55