hello,

i try to set up varnish in front of our symfony2 application and have a
few questions that seem not to be covered by the documentation [1] [2] [3]

we use form authentication with native sessions and the remember me
feature active.

1. can i tell symfony2 to not start a session unless the user wants to
log in? thus have no session cookie except for logged in users? this
would tremendously help with the varnish setup.

2. the session cookie has a lifetime of 1 hour. it is not refreshed on
each request (i see no Set-Cookie: header in responses for a logged in
user). how is the session kept alive? or does the user lose his session
after that hour even if he is constantly active on the site, and then
remember me triggers him to be logged back in?
not sure if this is really a symfony question, but i found no
information on the topic at php.net either, except for some people
re-sending the cookie on each request - which i do not want to work
around symfony2 to do it. and it would be bad for caching.


my current idea is:
make the part that is session specific an esi include that varies on
cookies and has a lifetime matching the expected age of the session. if
the client loses his cookie, he sees immediately that he is no longer
logged in (resp. rememberme can trigger and log him back in).
does this make sense?


if the docs + cookbook are on github, i could send some pull request
afterwards with the result of this discussion integrated...

cheers, david


[1] http://symfony.com/doc/2.0/book/security/authentication.html
[2] http://symfony.com/doc/2.0/book/http_cache.html
[3] http://symfony.com/doc/2.0/cookbook/cache/varnish.html
-- 
Liip AG // Agile Web Development // T +41 26 422 25 11
CH-1700 Fribourg // PGP 0xA581808B // www.liip.ch
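
The idea in the message (a shared page plus a session-specific ESI include that varies on cookies and lives as long as the session), sketched as an added example that is not part of the original post and is not Varnish or Symfony code. The `/_user_box` URL, the `PHPSESSID` values, the 600 second page lifetime and the `ToyCache` class are assumptions, and the model assumes the real cache is configured to cache requests that carry a cookie. Keying the fragment on `Cookie` is what keeps one user's box from being served to another.

```python
# Added illustration: a toy model of a shared cache, not Varnish or Symfony code.
SESSION_TTL = 3600  # the 1 hour session cookie lifetime from the post
PAGE_TTL = 600      # assumed lifetime of the shared page
ESI_TAG = "<esi:include src='/_user_box'/>"  # hypothetical fragment URL
SESSIONS = {"PHPSESSID=aaa": "alice", "PHPSESSID=bbb": "bob"}  # constructed data


class ToyCache:
    """Shared cache keyed on the URL plus the request headers named in Vary."""

    def __init__(self, backend):
        self.backend = backend   # callable(url, headers) -> (body, vary, ttl)
        self.store = {}          # cache key -> (expiry time, body)
        self.vary = {}           # url -> header names learned from the backend
        self.backend_hits = 0

    def _key(self, url, headers):
        names = self.vary.get(url, ())
        return (url,) + tuple(headers.get(n, "") for n in names)

    def fetch(self, url, headers, now):
        entry = self.store.get(self._key(url, headers))
        if entry and entry[0] > now:
            return entry[1]                      # fresh cache hit
        self.backend_hits += 1
        body, vary, ttl = self.backend(url, headers)
        self.vary[url] = tuple(vary)
        self.store[self._key(url, headers)] = (now + ttl, body)
        return body

    def render(self, url, headers, now):
        """Fetch the page, then resolve its ESI placeholder separately."""
        page = self.fetch(url, headers, now)
        fragment = self.fetch("/_user_box", headers, now)
        return page.replace(ESI_TAG, fragment)


def backend(url, headers):
    """Stand-in for the application: only the fragment looks at the cookie."""
    if url == "/_user_box":
        user = SESSIONS.get(headers.get("Cookie", ""), "anonymous")
        return f"[{user}]", ["Cookie"], SESSION_TTL
    return "<h1>news</h1>" + ESI_TAG, [], PAGE_TTL
```
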
