跨域身份验证未存储在 Symfony2 中
[英]Cross-domain authentication not stored in Symfony2
问题描述
I have a jQuery AJAX request :
我有一个jQuery AJAX请求:
$.ajax({
type: "POST",
url: 'http://xbo.dev/ajax/login_ajax',
dataType: 'json',
data: {
_username: $('#_username').val(),
_password: $('#_password').val()
}
}).done(function (data) {
console.log(data);
}
And a PHP controller :还有一个PHP控制器:
public function loginAjaxAction() {
$request = $this->get('request');
$success = false;
$responseCode = 300;
$authorizedHostsDev = array('xbo.dev');
if ($request->isMethod('POST') && ($request->isXmlHttpRequest() || in_array($request->headers->get('host'), $authorizedHostsDev))) {
$user = $this->get('fos_user.user_manager')->findUserBy(array('username' => $request->request->get('_username')));
if ($user) {
$encoderManager = $this->get('security.encoder_factory');
$encoder = $encoderManager->getEncoder($user);
$encodedPass = $encoder->encodePassword($request->request->get('_password'), $user->getSalt());
if ($user->getPassword() === $encodedPass) {
if ($user->getExpiresAt() < new \DateTime()) {
$responseCode = 500;
} else {
$this->userAuthentication($user);
$responseCode = 200;
$success = true;
}
} else {
$responseCode = 400;
}
}
}
$return = json_encode(array('responseCode' => $responseCode, 'success' => $success));
return new Response($return, 200, array('Content-Type'=>'application/json'));
}
If I execute this AJAX request from xbo.dev, I have this result in the console.log(data) :如果我从 xbo.dev 执行这个AJAX请求,我会在console.log(data)得到这个结果:
{"responseCode":200,"success":true}
After that, I'm redirected and I'm logged in.之后,我被重定向并登录。
If I execute this AJAX request from subdomain like blog.xbo.dev, I have the same result in console.log(data) but, when the page is refreshing, I'm not redirected (I stay on the connection page) and it seems that my login action is not made (still can enter my ids to connect).如果我从像 blog.xbo.dev 这样的子域执行这个AJAX请求,我在console.log(data)得到相同的结果,但是,当页面刷新时,我没有被重定向(我留在连接页面上)并且它似乎没有进行我的登录操作(仍然可以输入我的 ID 进行连接)。
How can I change this behavior ?我怎样才能改变这种行为?
Thanks谢谢
EDIT : I just added one test, to know if I was connected in the moment, in the PHP controller.编辑:我刚刚在PHP控制器中添加了一个测试,以了解我是否已连接。 Indeed, even after the AJAX request from blog.xbo.dev, $responseCode is 1000 .事实上,即使在来自 blog.xbo.dev 的AJAX请求之后, $responseCode也是1000 。 The test :考试 :
if ($this->getUser()) {
$responseCode = 1000;
} else {
$responseCode = 200;
$success = true;
}
EDIT 2 : Here is the code of the userAuthentication method :编辑 2:这是 userAuthentication 方法的代码:
private function userAuthentication(UserInterface $user) {
$providerKey = 'main'; // firewall name
$token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
$this->container->get('security.context')->setToken($token);
}
1 个解决方案
解决方案1
1 已采纳
Here is a solution I found.这是我找到的解决方案。
I figured out that from my subdomain blog.xbo.dev, my PHP controller couldn't set the cookie for my authenticated user.我从我的子域 blog.xbo.dev 中发现,我的PHP控制器无法为经过身份验证的用户设置 cookie。
So, I just thought about it and decided to specially create a different route for my subdomain.所以,我只是想了想,决定专门为我的子域创建一个不同的路由。
I precised the host parameter in my routing.yml.我在routing.yml 中精确了host参数。
So, I have one route called with host: blog.xbo.dev and the second one called with host: xbo.dev .所以,我有一个用host: blog.xbo.dev调用的路由host: blog.xbo.dev和第二个用host: xbo.dev调用的路由host: xbo.dev 。 Both of the 2 routes target the same PHP controller function ( loginAjaxAction ) and it works perfectly.两条路线都针对相同的 PHP 控制器函数( loginAjaxAction ),并且运行良好。
Hope this will help.希望这会有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.