Nur für eine Anforderung angemeldet, nach der Aktualisierung abgemeldet

Question

Ich habe ein wirklich seltsames Problem, das ich nicht herausfinden kann. Ich bin mir ziemlich sicher, dass ich etwas in der Konfiguration vermisse, also hoffe ich, dass mir jemand helfen kann.

Ich versuche, ein einfaches Anmeldeformular in Symfony zu erstellen. Wenn ich mich anmelde, sehe ich, dass der authentifizierte Benutzer tatsächlich der Benutzer ist, mit dem ich mich gerade angemeldet habe. Wenn ich die Seite jedoch aktualisiere oder zu einer anderen Seite navigiere, werden die Benutzer ausgeloggt und ich werde zurück zur Anmeldeseite geleitet. Ich verstehe nicht, warum ich die ganze Zeit abgemeldet werde.

Meine Benutzerklasse:

<?php namespace AppBundle\Entity; 

use Doctrine\ORM\Mapping as ORM; 
use Symfony\Component\Security\Core\User\UserInterface; 

/** 
* @ORM\Entity 
*/ 
class User implements UserInterface 
{ 
    /** 
    * @ORM\Column(type="integer") 
    * @ORM\Id 
    * @ORM\GeneratedValue(strategy="AUTO") 
    */ 
    private $id; 

    /** 
    * @ORM\Column(type="string", length=100) 
    */ 
    public $email; 

    /** 
    * @ORM\Column(type="string", length=64) 
    */ 
    private $password; 

    public function getUsername() 
    { 
     return $this->email; 
    } 

    public function getRoles() 
    { 
     return ['ROLE_USER']; 
    } 

    public function getPassword() 
    { 
     return $this->password; 
    } 

    public function getSalt() 
    { 
     return null; 
    } 

    public function eraseCredentials() 
    { 
     return null; 
    } 

    /** 
    * Get id 
    * 
    * @return integer 
    */ 
    public function getId() 
    { 
     return $this->id; 
    } 

    /** 
    * Set email 
    * 
    * @param string $email 
    * 
    * @return User 
    */ 
    public function setEmail($email) 
    { 
     $this->email = $email; 

     return $this; 
    } 


    /** 
    * Set password 
    * 
    * @param string $password 
    * 
    * @return User 
    */ 
    public function setPassword($password) 
    { 
     $this->password = $password; 

     return $this; 
    } 
} 

Meine Garde Authenticator:

<?php namespace AppBundle\Authentication; 
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; 
use Symfony\Component\Security\Guard\GuardAuthenticatorInterface; 
use Symfony\Component\Security\Core\User\UserInterface; 
use Symfony\Component\Security\Core\User\UserProviderInterface; 
use Symfony\Component\Security\Core\Exception\AuthenticationException; 
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; 
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; 
use Symfony\Component\Routing\RouterInterface; 
use Symfony\Component\HttpFoundation\Request; 
use Symfony\Component\HttpFoundation\RedirectResponse; 
use Doctrine\ORM\EntityManagerInterface; 

class Authenticator extends AbstractGuardAuthenticator implements GuardAuthenticatorInterface 
{ 
    /** 
    * @var \Symfony\Component\Routing\RouterInterface 
    */ 
    private $router; 

    private $em; 

    private $encoder; 


    public function __construct(RouterInterface $router, EntityManagerInterface $entityManager, UserPasswordEncoderInterface $passwordEncoder) 
    { 
     $this->router = $router; 
     $this->em = $entityManager; 
     $this->encoder = $passwordEncoder; 
    } 

    /** 
    * Get the authentication credentials from the request and return them 
    * as any type (e.g. an associate array). If you return null, authentication 
    * will be skipped. 
    * 
    * Whatever value you return here will be passed to getUser() and checkCredentials() 
    * 
    * For example, for a form login, you might: 
    * 
    *  if ($request->request->has('_username')) { 
    *   return array(
    *    'username' => $request->request->get('_username'), 
    *    'password' => $request->request->get('_password'), 
    *   ); 
    *  } else { 
    *   return; 
    *  } 
    * 
    * Or for an API token that's on a header, you might use: 
    * 
    *  return array('api_key' => $request->headers->get('X-API-TOKEN')); 
    * 
    * @param Request $request 
    * 
    * @return mixed|null 
    */ 
    public function getCredentials(Request $request) 
    { 
     return [ 
      'username' => $request->request->get('username'), 
      'password' => $request->request->get('password') 
     ]; 
    } 

    public function start(Request $request, AuthenticationException $authException = null) 
    { 
     $url = $this->router->generate('login'); 
     return new RedirectResponse($url); 
    } 

    /** 
    * Return a UserInterface object based on the credentials. 
    * 
    * The *credentials* are the return value from getCredentials() 
    * 
    * You may throw an AuthenticationException if you wish. If you return 
    * null, then a UsernameNotFoundException is thrown for you. 
    * 
    * @param mixed     $credentials 
    * @param UserProviderInterface $userProvider 
    * 
    * @throws AuthenticationException 
    * 
    * @return UserInterface|null 
    */ 
    public function getUser($credentials, UserProviderInterface $userProvider) 
    { 
     $user = $this->em->getRepository('AppBundle:User') 
      ->findOneBy(array(
       'email' => $credentials['username'])); 

     return $user; 
    } 

    /** 
    * Returns true if the credentials are valid. 
    * 
    * If any value other than true is returned, authentication will 
    * fail. You may also throw an AuthenticationException if you wish 
    * to cause authentication to fail. 
    * 
    * The *credentials* are the return value from getCredentials() 
    * 
    * @param mixed   $credentials 
    * @param UserInterface $user 
    * 
    * @return bool 
    * 
    * @throws AuthenticationException 
    */ 
    public function checkCredentials($credentials, UserInterface $user) 
    { 
     $plainPassword = $credentials['password']; 


     if ($this->encoder->isPasswordValid($user, $plainPassword)) 
     { 
      return true; 
     } 

     return false; 
    } 

    /** 
    * Called when authentication executed, but failed (e.g. wrong username password). 
    * 
    * This should return the Response sent back to the user, like a 
    * RedirectResponse to the login page or a 403 response. 
    * 
    * If you return null, the request will continue, but the user will 
    * not be authenticated. This is probably not what you want to do. 
    * 
    * @param Request     $request 
    * @param AuthenticationException $exception 
    * 
    * @return Response|null 
    */ 
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception) 
    { 
    } 

    /** 
    * Called when authentication executed and was successful! 
    * 
    * This should return the Response sent back to the user, like a 
    * RedirectResponse to the last page they visited. 
    * 
    * If you return null, the current request will continue, and the user 
    * will be authenticated. This makes sense, for example, with an API. 
    * 
    * @param Request  $request 
    * @param TokenInterface $token 
    * @param string   $providerKey The provider (i.e. firewall) key 
    * 
    * @return Response|null 
    */ 
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) 
    { 
     return null; 
    } 

    /** 
    * Does this method support remember me cookies? 
    * 
    * Remember me cookie will be set if *all* of the following are met: 
    * A) This method returns true 
    * B) The remember_me key under your firewall is configured 
    * C) The "remember me" functionality is activated. This is usually 
    *  done by having a _remember_me checkbox in your form, but 
    *  can be configured by the "always_remember_me" and "remember_me_parameter" 
    *  parameters under the "remember_me" firewall key 
    * 
    * @return bool 
    */ 
    public function supportsRememberMe() 
    { 
     return false; 
    } 
} 

Und mein security.yaml schließlich:

security: 
    encoders: 
     AppBundle\Entity\User: bcrypt 

    providers: 
     our_db_provider: 
      entity: 
       class: AppBundle:User 
       property: email 

    firewalls: 
     # disables authentication for assets and the profiler, adapt it according to your needs 
     dev: 
      pattern: ^/(_(profiler|wdt)|css|images|js)/ 
      security: false 
     secured_area: 
      anonymous: ~ 
      logout: 
       path: /logout 
       target: /login 
      guard: 
       authenticators: 
        - user_authenticator 

     main: 
      pattern: ^/login 
      form_login: ~ 
      provider: our_db_provider 

    access_control: 
     - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/, roles: ROLE_USER } 

Ich habe auch die Berechtigungen für das Sessions Verzeichnis und setze es auf 777. Ich sehe, dass eine neue Session-Datei erstellt wird, aber irgendwie bricht es weiter.

Vielen Dank im Voraus!

UPDATE:

ich auch sehen, dass, wenn ich mit meinen Zugangsdaten anmelden Ich anonym protokolliert werden. Ich weiß nicht warum.

Answer 1

Versuchen Sie, die serialisierbare Schnittstelle zu implementieren. Dies wird benötigt, um die Benutzerinformationen in der Sitzung zu speichern.

/** @see \Serializable::serialize() */ 
public function serialize() 
{ 
    return serialize(array(
     $this->id, 
     $this->username, 
     $this->password, 
     // see section on salt below 
     // $this->salt, 
    )); 
} 

/** @see \Serializable::unserialize() */ 
public function unserialize($serialized) 
{ 
    list (
     $this->id, 
     $this->username, 
     $this->password, 
     // see section on salt below 
     // $this->salt 
    ) = unserialize($serialized); 
} 

Wenn das nicht das einzige Problem ist füge doch folgende http://symfony.com/doc/current/security/entity_provider.html Schritt für Schritt

Update: Warum schreiben Sie Ihre eigene Authenticator? Vielleicht versuchen Sie es mit dem Standard, das könnte auch das Problem sein.