Hm, I added "session_start();print_r($_SESSION);exit;" at the top of web/index_dev.php then removed it again...and the problem went away. Now I'd *love* to find out why that made a difference but I cannot reproduce the original problem again. Weird.
On Nov 2, 6:37 pm, Dennis Jacobfeuerborn <[email protected]> wrote:
> Hm, the problem was that I excluded the /login.* pages like this:
>
> public:
>     pattern: /login.*
>     security: false
>
> main:
>     pattern: /.*
>     form_login: true
>     logout: true
>
> with the result that the "security: false" also disabled the listener
> (or so I'm guessing):
> After enabling the anonymous listener and using an access_control of
> "{ path: /login.*, role: IS_AUTHENTICATED_ANONYMOUSLY }"
> things now almost seem to work.
>
> Entering the wrong password results in a "bad credentials" error (as
> expected) and entering the right username and password redirects
> me to / (also expected) .... but then I immediately get redirected
> back to /login. Apparently Symfony forgets that I'm authenticated and
> wants me to log in again.
>
> Regards,
> Dennis
>
> On Nov 2, 6:03 pm, Johannes <[email protected]> wrote:
>
> > You don't need a controller as the firewall listener will take care of
> > this.
> >
> > My guess is that you have not configured form-login for the
> > login_check page, so the listener never gets called.
> >
> > Johannes
> >
> > On 2 Nov., 17:14, Dennis Jacobfeuerborn <[email protected]>
> > wrote:
> >
> > > Indeed excluding /login.* from any restrictions got rid of the
> > > redirect loop, thanks.
> > >
> > > Now when I try to login the form gets submitted to /login_check which
> > > results in an "Unable to find the controller." message.
> > > Given that no controller is defined for that path that is to be
> > > expected I guess but the example in the documentation doesn't
> > > provide a controller either and it says that the submission is handled
> > > automatically and I only have to implement the display
> > > of the form (which works).
> > > So I'm not sure which controller I'm supposed to route /login_check
> > > to.
> > >
> > > Regards,
> > > Dennis
> > >
> > > On Nov 2, 3:43 pm, Johannes <[email protected]> wrote:
> > >
> > > > You need to make sure to remove access restrictions for the login
> > > > page.
> > > >
> > > > If you are following a whitelist policy, you can do so by also
> > > > enabling the anonymous listener and then requiring the
> > > > "IS_AUTHENTICATED_ANONYMOUSLY" role for the login page.
> > > >
> > > > Johannes
> > > >
> > > > On Nov 2, 3:12 pm, Dennis Jacobfeuerborn <[email protected]>
> > > > wrote:
> > > >
> > > > > I'm trying to get a form-login going with the new security framework
> > > > > but I'm running into trouble.
> > > > > I've followed the instructions
> > > > > at http://docs.symfony-reloaded.org/master/guides/security/authenticatio...
> > > > > and used the http-basic mechanism which works fine so far. Then I
> > > > > replaced the http-basic:true bit with form-login:true in the
> > > > > configuration, put the login form and controller code in the right
> > > > > place and added the following routes (adapted to yaml from the xml in
> > > > > the documentation):
> > > > >
> > > > > _security_login:
> > > > >     pattern: /login
> > > > >     defaults: { _controller: DamBundle:System:login }
> > > > >
> > > > > _security_check:
> > > > >     pattern: /login_check
> > > > >
> > > > > The result is an endless redirect loop. Looking at the rewrite log I
> > > > > can see that when I request / then I get redirected to /login which is
> > > > > expected since I'm not authenticated. However then /login redirects
> > > > > again to /login which causes the loop. Is there anything missing from
> > > > > the above documentation that is required to get the form login
> > > > > working?
> > > > >
> > > > > Regards,
> > > > > Dennis

--
If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com

You received this message because you are subscribed to the Google Groups "symfony developers" group.
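A simplified model of the firewall matching discussed in this thread, added here as an example; it is not code from the posters or from Symfony. It assumes the first matching firewall pattern and the first matching access_control rule win and that patterns are matched against the whole path; the `ROLE_USER` rule and all function names are hypothetical.

```python
import re

# Constructed models of the configurations in the thread (not Symfony code).
# Firewall: (name, path regex, listeners that run for matching requests).
BROKEN = [
    ("public", r"/login.*", set()),                     # security: false
    ("main", r"/.*", {"form_login", "logout"}),
]
FIXED = [("main", r"/.*", {"anonymous", "form_login", "logout"})]

# access_control rules: (path regex, required role). ROLE_USER is assumed.
LOCKED_ACCESS = [(r"/.*", "ROLE_USER")]
FIXED_ACCESS = [
    (r"/login.*", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"/.*", "ROLE_USER"),
]

def select_firewall(firewalls, path):
    """Return (name, listeners) of the first firewall matching path."""
    for name, pattern, listeners in firewalls:
        if re.fullmatch(pattern, path):
            return name, listeners
    return None, set()

def check_path_handled(firewalls, check_path="/login_check"):
    """True if the firewall owning check_path runs the form_login listener."""
    return "form_login" in select_firewall(firewalls, check_path)[1]

def required_role(access_control, path):
    """Return the role demanded by the first rule matching path, if any."""
    for pattern, role in access_control:
        if re.fullmatch(pattern, path):
            return role
    return None

def login_page_loops(firewalls, access_control, login_path="/login"):
    """True if an unauthenticated visitor is bounced from /login to /login."""
    listeners = select_firewall(firewalls, login_path)[1]
    role = required_role(access_control, login_path)
    if role is None or not listeners:
        return False  # no rule, or security disabled for this path
    anonymous_ok = (role == "IS_AUTHENTICATED_ANONYMOUSLY"
                    and "anonymous" in listeners)
    return not anonymous_ok

if __name__ == "__main__":
    for label, fw in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, select_firewall(fw, "/login_check")[0],
              check_path_handled(fw))
```

Because `/login.*` also matches `/login_check`, the listener-free `public` firewall claims the form submission in the broken layout, which is the behaviour reported in the thread.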
