Symfony 4: Authentication Token is lost from the Session after login_check redirect

Question

Recently I have made some code changes to store sessions in Database using PdoSessionHandler. I am using Guard Authentication. checkCredentials is working fine is working fine, insert into "sessions" table is also working fine. But the Authentication token in the session is lost after /login_check redirect.

Authentication token is getting stored in the serialized format under "_security_secured_area" in the session and the session is also saved in the DB but after the redirect from /login_check to /login_redirect session is available with the same id but the auth token details are missing. Probably it is not able to populate auth details from the DB.

Here is my packages/security.yaml

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    secured_area:
        pattern:    ^/
        anonymous: ~
        guard:
            authenticators:
                - App\Security\LoginFormAuthenticator
        logout:
            path:   _logout
            target: _public_signin

        logout_on_user_change: true
        remember_me:
            secret:   '%kernel.secret%'
            lifetime: 2592000 # 30 days in seconds
            path:     /
            domain: ~
            remember_me_parameter: _stay_signedin
            # by default, the feature is enabled by checking a
            # checkbox in the login form (see below), uncomment the
            # following line to always enable it.
            #always_remember_me: true
            token_provider: token_service

Here is my gurardAuthenticator:

/**
 * Override to change what happens after successful authentication.
 *
 * @param Request        $request
 * @param TokenInterface $token
 * @param string         $providerKey
 *
 * @return RedirectResponse
 */
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
    /** @var User $user */
    $user = $token->getUser();

    if ($user->getNewUser() === true) {
        $url = '_onboard';
    } elseif ($user->getResetPass() === true) {
        $url = '_change_temp_password';
    } else {
        $url = '_login_redirect';
    }
    //$request->getSession()->save();
    // MAS: TODO Add Audit probably in listener
    return new RedirectResponse($this->urlGenerator->generate($url));
}

After AuthenticationSuccess it automatically redirects to loginReditrectAction() in SecurityController.php but here PostAuthenticationGuardToken is lost, AuthenticationEvent is returning AnonymousToken. Another observation I found when I printed session in loginRedirectAction() in SecurityContrller.php is "_security_secured_area" in session data is missing.

 #session: Session {#149 ▼
#storage: NativeSessionStorage {#148 ▶}
-flashName: "flashes"
-attributeName: "attributes"
-data: &2 array:2 [▼
  "_sf2_attributes" => &1 array:4 [▼
    "_csrf/https-kinetxx" => "rvR8Rr2UcDM_-y16ehk_jgYvMREJ8mTNouYCT16RtfY"
    "_security.last_username" => "ktx_provider"
    "userTimeZone" => "America/Chicago"
    "practiceTimeZone" => "America/New_York"
  ]
  "_symfony_flashes" => &3 []
]

My SecurityController.php

/**
 * @Route("/login_redirect", name="_login_redirect")
 *
 * @param Request $request
 *
 * @return RedirectResponse
 */
public function loginRedirectAction(Request $request)
{
   dump($request);
   dump($this->get('security.authorization_checker'));
   die;
}

Can someone help me resolving this?

Answer 1

I had this problem and the solution was to change my provider entity from

implements UserInterface, \\Serializable

to

implements AdvancedUserInterface, \\Serializable, EquatableInterface

and adding the needed methods: isEqualTo(UserInterface $user) , isAccountNonExpired() , isAccountNonLocked() , isCredentialsNonExpired() , isEnabled()