Symfony 4: How to troubleshoot / explain User being forced to login if visitng site from external link
Question
I have a Symfony 4 site which my users can log in. In the past it has also worked great when they clicked a link from a different domain they would not have to login and their session would just continue, since they were already logged in.
I recently upgraded to Symfony 4.4.18, and now when the user tries to visit the site from an different domain via a link, it will not recognize them and force them to log in again. However if they copy and paste the link directly into the address bar, they will NOT have to login.
I cannot figure out what could possibly be causing external links to force the user to the login page, but when the user manually types the sames address as the link they use their existing session.
I'm not sure what code to provide to help troubleshoot, and mainly feel like I'm missing something simple. Please leave a comment if I need to provide more information
1 answers
solution1
0 2021-04-13 22:24:03
In the end this had to do with the SameSite attributes for the cookies. Symfony changed the default to strict and this caused the session to start over each time I visited from an external page. I changed it to 'lax' in both the Security.yaml and the Framerwork.yaml and then my site started working as it did before.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.