[英]Cross-domain authentication not stored in Symfony2
I have a jQuery
AJAX
request :我有一个
jQuery
AJAX
请求:
$.ajax({
type: "POST",
url: 'http://xbo.dev/ajax/login_ajax',
dataType: 'json',
data: {
_username: $('#_username').val(),
_password: $('#_password').val()
}
}).done(function (data) {
console.log(data);
}
And a PHP
controller :还有一个
PHP
控制器:
public function loginAjaxAction() {
$request = $this->get('request');
$success = false;
$responseCode = 300;
$authorizedHostsDev = array('xbo.dev');
if ($request->isMethod('POST') && ($request->isXmlHttpRequest() || in_array($request->headers->get('host'), $authorizedHostsDev))) {
$user = $this->get('fos_user.user_manager')->findUserBy(array('username' => $request->request->get('_username')));
if ($user) {
$encoderManager = $this->get('security.encoder_factory');
$encoder = $encoderManager->getEncoder($user);
$encodedPass = $encoder->encodePassword($request->request->get('_password'), $user->getSalt());
if ($user->getPassword() === $encodedPass) {
if ($user->getExpiresAt() < new \DateTime()) {
$responseCode = 500;
} else {
$this->userAuthentication($user);
$responseCode = 200;
$success = true;
}
} else {
$responseCode = 400;
}
}
}
$return = json_encode(array('responseCode' => $responseCode, 'success' => $success));
return new Response($return, 200, array('Content-Type'=>'application/json'));
}
If I execute this AJAX
request from xbo.dev, I have this result in the console.log(data)
:如果我从 xbo.dev 执行这个
AJAX
请求,我会在console.log(data)
得到这个结果:
{"responseCode":200,"success":true}
After that, I'm redirected and I'm logged in.之后,我被重定向并登录。
If I execute this AJAX
request from subdomain like blog.xbo.dev, I have the same result in console.log(data)
but, when the page is refreshing, I'm not redirected (I stay on the connection page) and it seems that my login action is not made (still can enter my ids to connect).如果我从像 blog.xbo.dev 这样的子域执行这个
AJAX
请求,我在console.log(data)
得到相同的结果,但是,当页面刷新时,我没有被重定向(我留在连接页面上)并且它似乎没有进行我的登录操作(仍然可以输入我的 ID 进行连接)。
How can I change this behavior ?我怎样才能改变这种行为?
Thanks谢谢
EDIT : I just added one test, to know if I was connected in the moment, in the PHP
controller.编辑:我刚刚在
PHP
控制器中添加了一个测试,以了解我是否已连接。 Indeed, even after the AJAX
request from blog.xbo.dev, $responseCode
is 1000
.事实上,即使在来自 blog.xbo.dev 的
AJAX
请求之后, $responseCode
也是1000
。 The test :考试 :
if ($this->getUser()) {
$responseCode = 1000;
} else {
$responseCode = 200;
$success = true;
}
EDIT 2 : Here is the code of the userAuthentication method :编辑 2:这是 userAuthentication 方法的代码:
private function userAuthentication(UserInterface $user) {
$providerKey = 'main'; // firewall name
$token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
$this->container->get('security.context')->setToken($token);
}
Here is a solution I found.这是我找到的解决方案。
I figured out that from my subdomain blog.xbo.dev, my PHP
controller couldn't set the cookie for my authenticated user.我从我的子域 blog.xbo.dev 中发现,我的
PHP
控制器无法为经过身份验证的用户设置 cookie。
So, I just thought about it and decided to specially create a different route for my subdomain.所以,我只是想了想,决定专门为我的子域创建一个不同的路由。
I precised the host
parameter in my routing.yml.我在routing.yml 中精确了
host
参数。
So, I have one route called with host: blog.xbo.dev
and the second one called with host: xbo.dev
.所以,我有一个用
host: blog.xbo.dev
调用的路由host: blog.xbo.dev
和第二个用host: xbo.dev
调用的路由host: xbo.dev
。 Both of the 2 routes target the same PHP controller function ( loginAjaxAction
) and it works perfectly.两条路线都针对相同的 PHP 控制器函数(
loginAjaxAction
),并且运行良好。
Hope this will help.希望这会有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.