So, I have my Symfony 4 website, using multiple domains. It's not different websites; it's one website with different languages, so I have example.com, en.example.com, ... If we log in on example.com, it works, but it doesn't make the user logged in on en.example.com. I tried to set the config as I've seen, in framework.yml:

framework:
    session:
        handler_id: ~
        cookie_domain: '.localhost'
        name: SFSESSION

But it simply breaks the login (there's no error, but it 'triggers' a failed login, and no cookie is set). If I set 'en.localhost' as the domain, it works for that subdomain, but no others, obviously.

I made a test page with that code:

<?php

$currentCookieParams = session_get_cookie_params();

$rootDomain = '.localhost';

session_set_cookie_params(
    $currentCookieParams["lifetime"],
    $currentCookieParams["path"],
    $rootDomain,
    $currentCookieParams["secure"],
    $currentCookieParams["httponly"]
);
session_start();

The result is that when I access localhost, I have a PHP cookie (on my Symfony app, a similar config leads to no cookie), but if I go to test.localhost, I have nothing.

I tried to install the Apache pack ( https://symfony.com/doc/current/setup/web_server_configuration.html ) and to set

php_value session.cookie_domain ".localhost"

in the .htaccess, and it doesn't work: I log in on a subdomain and nowhere else; it's like the .htaccess is ignored.

What am I missing? Thank you

FTW
  • Is the leading `.` in your cookie domain a typo? If you want to have the cookie work for all subdomains, I would think it should be set to `example.com`, whereas setting it to `en.example.com` would only make it available to that subdomain. – dbrumann Oct 12 '19 at 15:51
  • It is not; every website talking about subdomains and cookies was writing something like that, starting with a dot. – FTW Oct 12 '19 at 16:08
  • You are right. Since these options are basically only delegated to PHP's core session functions, have you tried deploying a small test script that uses `session_set_cookie_params()` and `session_start()` to see if that works? If it persists, you might have an issue with your PHP/server settings and not a bug/misconfiguration in Symfony. – dbrumann Oct 12 '19 at 16:54
  • Good idea, I updated my post with the results of the test. – FTW Oct 12 '19 at 19:05
  • Did you change the session name to SFSESSION or was it already like that? – Jeroen Oct 12 '19 at 19:52
  • Take a look here: https://stackoverflow.com/a/644934/2608479 – Frank B Oct 12 '19 at 21:44
  • Apparently, you should also read the comments. – Jakumi Oct 13 '19 at 06:48
  • @Jeroen I did, it was suggested. Others: updated my post; I tried with the .htaccess, it didn't work. – FTW Oct 13 '19 at 20:09

1 Answer

In the end, I used the Apache configuration to achieve it (on production, not on my WAMP).

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ServerAlias *

    DocumentRoot /var/www/html/examplewebsite/public
    DirectoryIndex /index.php

    <Directory /var/www/html/examplewebsite/public>
        AllowOverride None
        Order Allow,Deny
        Allow from All
        php_value session.cookie_domain example.com
        FallbackResource /index.php
    </Directory>

    # uncomment the following lines if you install assets as symlinks
    # or run into problems when compiling LESS/Sass/CoffeeScript assets
    # <Directory /var/www/project>
    #     Options FollowSymlinks
    # </Directory>

    # optionally disable the fallback resource for the asset directories
    # which will allow Apache to return a 404 error when files are
    # not found instead of passing the request to Symfony
    <Directory /var/www/project/public/bundles>
        FallbackResource disabled
    </Directory>
    ErrorLog /var/log/apache2/project_error.log
    CustomLog /var/log/apache2/project_access.log combined

    # optionally set the value of the environment variables used in the application
    #SetEnv APP_ENV prod
    #SetEnv APP_SECRET <app-secret-id>
    #SetEnv DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name"
</VirtualHost>

The line that matters is:

php_value session.cookie_domain example.com

Apparently:

  • If you don't set the cookie_domain: by default, the cookie is specific to the subdomain (or the domain without a subdomain) that is in the URL.
  • If you set .example.com: every subdomain shares the cookie, but not the domain without a subdomain (example.com).
  • If you set example.com: the simple domain and the subdomains all share the cookie.

I'm not 100% sure it doesn't work on my WAMP; I didn't try for now.

FTW
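
How a user agent following RFC 6265 scopes a cookie for the `session.cookie_domain` values tried in this thread, as an added example that is not part of the original question or answer. It models only Domain-attribute canonicalisation, domain-match and the host-only flag; the public-suffix check is left out, and the function names and host list are constructed for illustration.

```javascript
// Added example: RFC 6265 cookie scoping as pure functions (constructed hosts).

// Section 5.2.3: lower-case the Domain attribute and drop one leading dot.
function canonicalDomainAttr(value) {
  if (!value) return null; // attribute absent or empty
  const v = value.trim().toLowerCase();
  return v.startsWith('.') ? v.slice(1) : v;
}

const isIpAddress = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');

// Section 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  return host.endsWith('.' + domain) && !isIpAddress(host);
}

// Section 5.3: how a cookie set by `requestHost` is stored.
// Returns null when the user agent must ignore the cookie.
function storeCookie(requestHost, domainAttr) {
  const domain = canonicalDomainAttr(domainAttr);
  if (domain === null) {
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  if (!domainMatch(requestHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Section 5.4: which hosts receive the stored cookie on later requests.
function recipients(cookie, hosts) {
  if (cookie === null) return [];
  return hosts.filter((h) =>
    cookie.hostOnly ? h.toLowerCase() === cookie.domain : domainMatch(h, cookie.domain));
}

// Constructed host list; the last entry shows that matching is on label boundaries.
const HOSTS = ['example.com', 'en.example.com', 'fr.example.com', 'example.com.other.test'];

function scope(requestHost, domainAttr) {
  return recipients(storeCookie(requestHost, domainAttr), HOSTS);
}

for (const [host, attr] of [['en.example.com', null], ['example.com', '.example.com'],
  ['en.example.com', 'example.com'], ['example.com', 'en.example.com']]) {
  console.log(`set on ${host}, Domain=${attr}:`, scope(host, attr));
}
```

A cookie stored with a Domain attribute is sent to every subdomain of that domain, so any host under it can read the session identifier; leaving the attribute unset keeps the cookie host-only.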