I'm building an app in Symfony2 to replace a legacy application built with CakePHP 1.3. It's a big application, and to meet the needs of the end users it was decided that the new application would run alongside the legacy application, and when features of the old system were rewritten in Symfony2 then users would be directed to the new application seamlessly.
In order to keep disruption to a minimum, it was also decided that the user would only have to log in once to the old application and that the new application should only give access to the user depending on if they're logged in or not. So the new application relies on the old application to handle the security. Furthermore, the old CakePHP application sits on www.domain.org, and the new Symfony2 app sits on a subdomain new.domain.org.
The problem I've got now is how I would exactly go about using the session created in CakePHP in Symfony2. I have tried a few things, like writing the user's ID to a cookie and then getting Symfony2 to check if the cookie has been set or not. Doing this allows users to navigate to the new system from the old system, but as soon as a link to the old system is clicked from the new system, the old system boots the user out asking them to log in again.
In the CakePHP 1.3 code, every area has the following code at the top:
$this->checkSession();
I never built the CakePHP 1.3 application, and I've no working knowledge of CakePHP 1.3 (I do of CakePHP 2.0). So from doing a bit of digging around, I have found in the core.php file the configuration for the session, which is as follows:
Configure::write('Session.cookie', 'DOMAIN');
Configure::write('Session.timeout', '120');
Configure::write('Session.start', true);
Configure::write('Session.checkAgent', true);
Configure::write('Security.level', 'medium');
Configure::write('Security.salt', '***RANDOM STRING***');
Configure::write('Security.cipherSeed', '***RANDOM STRING***');
There is also some code for an ACL, but this doesn't seem to contain much or do anything. These are:
Configure::write('Acl.classname', 'DbAcl');
Configure::write('Acl.database', 'default');
I can change some of the code in CakePHP in order to maybe bend it to work with Symfony, but I can't make any wholesale changes to the code. The previous programmer who built the CakePHP 1.3 has long since disappeared, and left no documentation either.
So, how can I get Symfony2 to use the same sessions that CakePHP creates and uses, and also prevent CakePHP from logging the user out if they click on a link from the new application?
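As an added example (not part of the original post, and not code from either application): the cookie approach described in the post only checks that a user-ID cookie is set, and a client can set that cookie itself. The PHP below binds the user ID to an expiry and an HMAC so the Symfony2 side can verify that the legacy application issued it; the cookie name, lifetime, shared secret and all function names are assumptions.

```php
<?php
// Added example: every name here is hypothetical, not from CakePHP or Symfony2.
const SSO_COOKIE = 'sso_uid';   // assumed cookie name
const SSO_TTL    = 7200;        // assumed lifetime in seconds

// Build "userId|expiry|mac", where mac = HMAC-SHA256 over "userId|expiry".
function sso_issue($userId, $secret, $now)
{
    $payload = (int) $userId . '|' . ($now + SSO_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Return the user ID if the value is authentic and unexpired, otherwise null.
function sso_verify($value, $secret, $now)
{
    $parts = explode('|', (string) $value);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;                        // malformed or unsigned value
    }
    list($userId, $expiry, $mac) = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expiry, $secret);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;                        // forged or tampered
    }
    return ((int) $expiry >= $now) ? (int) $userId : null;
}

// Legacy side, after a successful login: scope the cookie to the parent
// domain so new.domain.org receives it; Secure and HttpOnly are both set.
function sso_send($userId, $secret)
{
    $now = time();
    setcookie(SSO_COOKIE, sso_issue($userId, $secret, $now),
              $now + SSO_TTL, '/', '.domain.org', true, true);
}

// Constructed demo values (not real secrets or users).
$secret = 'constructed-demo-secret';
$now    = 1700000000;
$good   = sso_issue(42, $secret, $now);
$bare   = '42';                                              // unsigned ID cookie
$forged = '1|' . ($now + SSO_TTL) . '|' . str_repeat('0', 64);

var_dump(sso_verify($good, $secret, $now));                  // issued by legacy app
var_dump(sso_verify($bare, $secret, $now));                  // bare ID is rejected
var_dump(sso_verify($forged, $secret, $now));                // wrong MAC is rejected
var_dump(sso_verify($good, $secret, $now + SSO_TTL + 1));    // expired is rejected
```

The secret has to be identical in both applications and kept out of anything the browser can read; the value proves only who issued it, so logout in the legacy application still needs to clear the cookie.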