2

I'm building an app in Symfony2 to replace a legacy application built with CakePHP 1.3. It's a big application, and to meet the needs of the end users it was decided that the new application would run alongside the legacy application, and when features of the old system were rewritten in Symfony2 then users would be directed to the new application seamlessly.

In order to keep disruption to a minimum, it was also decided that the user would only have to log in once to the old application and that the new application should only give access to the user depending on if they're logged in or not. So the new application relies on the old application to handle the security. Furthermore, the old CakePHP application sits on www.domain.org, and the new Symfony2 app sits on a subdomain new.domain.org.

The problem I've got now is how I would exactly go about using the session created in CakePHP in Symfony2. I have tried a few things, like writing the user's ID to a cookie and then getting Symfony2 to check if the cookie has been set or not. Doing this allows users to navigate to the new system from the old system, but as soon as a link to the old system is clicked from the new system, the old system boots the user out asking them to log in again.

In the CakePHP 1.3 code, every area has the following code at the top:

```php
$this->checkSession();
```

I never built the CakePHP 1.3 application, and I've no working knowledge of CakePHP 1.3 (I do of CakePHP 2.0). So from doing a bit of digging around, I have found in the core.php file the configuration for the session, which is as follows:

```php
Configure::write('Session.cookie', 'DOMAIN');

Configure::write('Session.timeout', '120');
Configure::write('Session.start', true);
Configure::write('Session.checkAgent', true);

Configure::write('Security.level', 'medium');
Configure::write('Security.salt', '***RANDOM STRING***');
Configure::write('Security.cipherSeed', '***RANDOM STRING***');
```

There is also some code for an ACL, but this doesn't seem to contain much or do anything. These are:

```php
Configure::write('Acl.classname', 'DbAcl');
Configure::write('Acl.database', 'default');
```

I can change some of the code in CakePHP in order to maybe bend it to work with Symfony, but I can't make any wholesale changes to the code. The previous programmer who built the CakePHP 1.3 has long since disappeared, and left no documentation either.

So, how can I get Symfony2 to use the same sessions that CakePHP creates and uses, and also prevent CakePHP from logging the user out if they click on a link from the new application?

mickburkejnr
  • possible duplicate of [How to read a Cookie using Symfony 2?](http://stackoverflow.com/questions/17791519/how-to-read-a-cookie-using-symfony-2) – AD7six Jul 24 '13 at 16:29
  • It's not a duplicate, as this is referring to sessions. Also, there's an added issue with how CakePHP logs the user out when the user clicks on a link from the Symfony2 app. – mickburkejnr Jul 24 '13 at 22:05
  • A session id is stored in a cookie. If it's not a duplicate, the difference in what you're asking is not obvious (referencing already-covered ground would help). – AD7six Jul 24 '13 at 22:11

1 Answer

-3

Well, it seems it's impossible in the default PHP configuration (here I should write which version of PHP I mean, but I will not do it).

By default now, check here:

we have `session.use_cookies = 1` and `session.use_only_cookies = 1` by default; this means that we use cookie-based sessions.

Also, it's impossible to set a cookie from domain to subdomain: check here

This means that your two applications can't have the same cookie and so the same session.

As @AD7six mentioned, it's possible to set up the same cookie for domain and subdomain, but this still requires changing the default PHP config: `session.cookie_domain = .domain.com`.

It seems you need to change the PHP config or the approach, or pass the session id through the URL, which I think is ugly and unsafe.

Community
Vadim
  • passing the session id through the url? `session.cookie_domain = .domain.com` (defined in both apps) would make the session cookie visible to both, they'd need the same config to work of course. – AD7six Jul 24 '13 at 16:59
  • I can confirm @AD7six, I have created a cookie that can be accessed from the subdomain. It's true you can't access a cookie from a separate domain, but it's entirely possible to access a cookie from a sub domain, as demonstrated by AD7six. – mickburkejnr Jul 24 '13 at 22:07
  • I missed the possibility of setting up a similar cookie for domain and subdomain, BUT it still requires changing the PHP config, so I'm not sure why you are so emotional; my answer is logically correct :) – Vadim Jul 25 '13 at 02:22
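
The cookie scoping debated in the answer and its comments, as an added example that is not part of the original thread: a simplified model of RFC 6265 domain matching, run on the question's hostnames. The function names are made up for illustration, and the public-suffix and IP-address checks a real browser performs are left out.

```javascript
// Simplified model of RFC 6265 cookie scoping (domain-match and the handling
// of the Domain attribute). Hostnames are the ones from the question; the
// scenarios at the bottom are constructed.

// True when `host` equals `domain` or is a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// What a browser stores when `setterHost` sends Set-Cookie with the given
// Domain attribute (null = attribute absent). Returns null when rejected.
function storeCookie(setterHost, domainAttr) {
  if (domainAttr === null || domainAttr === "") {
    // No Domain attribute: host-only cookie, bound to the exact host.
    return { domain: setterHost.toLowerCase(), hostOnly: true };
  }
  // A leading dot in the attribute value is ignored.
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may scope a cookie only to itself or to one of its parent domains.
  if (!domainMatch(setterHost, domain)) return null;
  return { domain: domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed scenarios: the old app on www.domain.org sets the session cookie.
function scenarios() {
  const hostOnly = storeCookie("www.domain.org", null);
  const shared = storeCookie("www.domain.org", ".domain.org");
  const sibling = storeCookie("www.domain.org", "new.domain.org");
  return {
    hostOnlyToWww: isSentTo(hostOnly, "www.domain.org"),
    hostOnlyToNew: isSentTo(hostOnly, "new.domain.org"),
    sharedToWww: isSentTo(shared, "www.domain.org"),
    sharedToNew: isSentTo(shared, "new.domain.org"),
    sharedToOther: isSentTo(shared, "other.domain.org"),
    siblingStored: sibling !== null,
  };
}

console.log(scenarios());
```

The `sharedToOther` result is the trade-off of `Domain=.domain.org`: the session cookie goes to every subdomain, so each host under that domain has to be trusted with it.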