
I have a project with Frontoffice and Backoffice in the same application. Backoffice is separated by ^/admin/ in the URL.

Backoffice needs to have Administrator object as logged in User and Frontoffice needs to have Member object as logged in User at the same time.

Is there a way to have separate Sessions and Users at the same time for different parts of an application? Using subdomains (like admin.example.com) or different domain for backoffice is not an option. If yes, then how could this be achieved?

Crence

2 Answers


You probably want to set up different firewalls for your 2 areas. Here is an example of how your app/config/security.yml could look. Take care: this example is not a complete security.yml file; it should just give you a hint on how to change your current one.

security:
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # firewall for the backoffice (i.e. all paths starting with /admin/ )
        backoffice:
            pattern: ^/admin/

            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 604800 # 1 week in seconds
                path:     /admin
                name: REMEMBERME_BACK

        # firewall for the frontoffice (i.e. all paths not caught by previous firewalls)
        frontoffice:
            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 604800 # 1 week in seconds
                path:     /
                name: REMEMBERME_FRONT

For a more specialized solution your current security.yml file could be helpful.

Tobias Xy

Based on Tobias Xy's answer and some additional research I was able to find a solution. The main idea, like Tobias Xy stated, is to create two different firewalls, as each separate firewall has its own session namespace. The only part that was missing is to have two different providers for Administrator and Member.

Providers can be of any type (in_memory, entity, etc.), but I used a provider service that loads users from the database with some custom logic. For testing purposes I used the http_basic authentication method, so my security.yml looks like this:

security:
  providers:
    crence_cms_admins_provider:
      id: crence_cms.user.provider.admin

    crence_cms_members_provider:
      id: crence_cms.user.provider.member

  firewalls:
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false

    backoffice:
      pattern: ^/admin/
      provider: crence_cms_admins_provider
      http_basic: ~

    frontoffice:
      anonymous: ~
      provider: crence_cms_members_provider
      http_basic: ~

  encoders:
    CrenceCMS\UserBundle\Model\AdminModel:
      algorithm: bcrypt
      cost: 12

    CrenceCMS\UserBundle\Model\MemberModel:
      algorithm: bcrypt
      cost: 12

  access_control:
    - { path: ^/admin/, roles: ROLE_ADMIN }

More info about creating a custom provider can be found here: https://symfony.com/doc/current/security/custom_provider.html

Crence
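The two provider services referenced in the config above (crence_cms.user.provider.admin and crence_cms.user.provider.member) are not shown in the answer. As an added example, not Crence's code, this is one way to implement them in PHP against the Symfony 3-era UserProviderInterface; the class name, the constructor arguments and the loader callable are assumptions.

```php
<?php
// Added example, not code from the original answer. Assumes the Symfony 3-era
// UserProviderInterface and that AdminModel / MemberModel implement UserInterface;
// the $loader callable (e.g. a repository lookup) is a hypothetical constructor argument.
namespace CrenceCMS\UserBundle\Security;

use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

// One class serves both firewalls: register it twice as a service, once with
// AdminModel for crence_cms.user.provider.admin and once with MemberModel for
// crence_cms.user.provider.member, so neither provider can ever return the other type.
class ModelUserProvider implements UserProviderInterface
{
    private $userClass;
    private $loader;

    public function __construct($userClass, callable $loader)
    {
        $this->userClass = $userClass;   // the only class this provider may return
        $this->loader    = $loader;      // callable(string $username): UserInterface|null
    }

    public function loadUserByUsername($username)
    {
        $user = call_user_func($this->loader, $username);
        // A missing user and a user of the other type raise the same exception, so the
        // admin firewall gives no hint about which member accounts exist (and vice versa).
        if (!$user instanceof $this->userClass) {
            throw new UsernameNotFoundException(sprintf('No %s named "%s".', $this->userClass, $username));
        }
        return $user;
    }

    public function refreshUser(UserInterface $user)
    {
        // Refuse tokens holding the other user type instead of silently reloading them.
        if (!$this->supportsClass(get_class($user))) {
            throw new UnsupportedUserException(sprintf('"%s" is not handled by this provider.', get_class($user)));
        }
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return $class === $this->userClass || is_subclass_of($class, $this->userClass);
    }
}
```

Wiring each service with its own user class keeps the backoffice session from ever being refreshed with a Member and the frontoffice session from ever holding an Administrator.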