sgrodzicki/hack-session-bundle

There is no license information available for the latest version (dev-master) of this package.

Hack to allow having the session allowed starting when login_check

dev-master 2013-02-07 15:30 UTC

This package is not auto-updated.

Last update: 2024-12-21 13:36:37 UTC


README

Purpose

Because for a customer project we have a login form on every page and high trafic, we want to begin the session very late. The goal is to get all the benefits of Varnish by caring very low on the cache policy at the VCL config level but more at the HTTP classical level.

The current issue points to this question : symfony/symfony#3703

Assumption

This assumption used for this temporary fix is really precise but allows only one 'login_check' route (for one firewall so)

To begin

First, the auto_start session parameter must be disabled like this:

# app/config/config.yml
...
framework:
    ...
    session:
        auto_start:     false

Installation

Add the bundle in the deps file of your project:

# deps
[HackSessionBundle]
    git=git@github.com:gillest/HackSessionBundle.git
    target=bundles/Gilles/Bundle/HackSessionBundle

Launch the bundle install command then:

./bin/vendors install

Add the bundle namespace to the autoload configuration file.

# app/autoload.php
<?php
...
$loader->registerNamespaces(array(
    ...
    'Gilles'           => __DIR__.'/../vendor/bundles',
));

Then, register the bundle in the kernel :

# app/AppKernel.php
<?php
...
class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = array(
            ...
            new Gilles\Bundle\HackSessionBundle\GillesHackSessionBundle(),
        );
        ...
    }
    ...
}

At the configuration level, you need to provide the same parameter to both firewall and hack listener:

# app/config/config.yml
gilles_hack_session:
    login_check_path: %local_form_login_check_path%

Then, set to the same parameter the check_path you have set for the wanted firewall area:

# app/config/security.yml
security:
    ...
    firewalls:
        ...
        secured_area:
            pattern:    ^/demo/secured/
            form_login:
                check_path: %local_form_login_check_path%

Now, you can set your URL that makes the login_check:

# app/config/config.yml
parameters:
    local_form_login_check_path: /demo/secured/login_check 

Result

The session does not need to exist now when the URL set to %local_form_login_check_path% in the firewall is hit.