Symfony: Default SESSION does not work (no cookie is set in Response) #18
Comments
|
Check if you actually have cookies in PSR7 request, dump If you don't have cookies: make sure your cookies are not set on the different domain We know for sure that cookies work (we have multiple application use them + there are a bunch of tests https://github.com/spiral/roadrunner/blob/master/service/http/handler_test.go#L113). If you still have no idea what is going on try to download rr repository and run |
|
Also check if your cookies are being returned in response (Chome Developer Console will help). |
|
Strange... I Rebooted the computer because I couldn't get RoadRunner to start again, and it works perfect... Maybe it have some issues shutting down cleanly? And wow, this is insanely fast!!! I just hope I don't get any memory issues since StreamedResponses haven't been impleneted yet... Anyway, this is my latest version of the worker script: |
|
(Also I changed to sockets because I don't want any errors if something is printed to STDOUT by accident ;) ) |
Can you please post your .rr file and name of your OS? |
Output buffer will be cleared on every response, so you only risking using more memory during one request (no leaks is expected). Streaming responses are something we are closing looking to implement in next update. |
|
Well this is embarasing :( after restart, I ran docker-compose up to get mysql and redis back online ,also starteed php (I didn't notice), and everytime I ran roadrunner I thought I was using that, but actually I was working via docker... So, Cookies are still not sent... (but atleast |
|
Have you tried to debug using instructions attached earlier? |
|
yup, just finished, seems like Symfony is not setting the cookies at all suddenly... (the same code works perfectly in Docker with Apache+mod-php and Apache + Php-fpm in production... First it hits login_check, which is successful (if I check profiler, and by looking at the Location in the return header, next it hits /dashboard, but it fails, because it doesn't have any cookies :( Check this out: |
|
Hmmmmm. Try to set host in request uri to the localhost (or host you use), it might be empty in PSR7 but Symfony might be requiring it. |
|
Okay, after a lot of stupidity, Symfony is setting the cookie in the symfony response: The PSR7 Response headers: But somehow the auth-cookie/session id is not set... |
|
Adding the Uri didn't work: |
|
So one cookie is set and another don't? Do you see cookie headers in chrome debug panel on a response from your login? |
|
Yup It's insanely weird... The "Debug toolbar" cookies, and the custom cookies I set to test is stored and sent, BUT not auth cookies... |
|
It seems the session storage doesn't work... |
|
I'm using redis backend for session storage.. .does that have any implications with Roadrunner? |
|
Not at all, only http layer is different. |
|
Strange, session does seems to work-ish, but it's weird: I saved a item in session: The ID is changing constantly, and therefor reading slighly different times, anyhow, the session id never reaches the browser :/ |
|
I think it's related to cookies not being emitted by Symfony, is there any sort of Symfony option to disable them? Maybe it requires any specific setting? |
|
I don't think so, it works perfectly everywhere else... The strange this is it seems the ID's are recycled, and the session storage works. It feels like something the load balancer is doing? Is there some logic looking at cookies in there? (Test is the time php first saw that session_id) |
|
In our production env / live, I deleted all cookies, and went to the dashboard Symfony immidiatly creates a new Cookie, and uses the "Set-cookie" header, on all sequent request, Chrome uses that cookie, and symfony never sends a Set-cookie again, not even when logging in (even with auth denied, it keeps the same cookie id). So, when I run up docker-compose, everything works immidiatly, if I stop docker-php, and run the symfony built in dev-server, it reacts exactly the same way as the production env. I can also see all cookies in Chrome dev-tools etc (1. set cookie on the first request, and then using that cookie on all subsequent requests). When using roadrunner, the browser never sees the cookie, even though somehow the same id's are recycled? |
|
Can you try to dump the $response->getHeaders() somewhere? Are they being set in response? |
|
Yeah, I don't have any clues what's happening... It doesn't seem like symfony returns any headers, but everytime roadrunner crashes (without any description to why), I have to reboot the machine to be able to get it up and running again, so troubleshooting is pretty slow... Also, is there any way of enabling xdebug in the workers? |
What OS are you using?
Yes, i will write an instruction next week how to configure it properly. |
|
I'm on Linux (Fedora 28) |
|
Is it possible that error within this lines? if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
}
if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? false) {
Request::setTrustedHosts(explode(',', $trustedHosts));
}Do you have any sort of IP filtering which might affect session creation or anything like that? Do you set this values using ENV? RR runs using php-cli mode and it might not nesessary provide same values as nginx. |
|
@grachevko how do you check if there data in session? Because i can send cookie all the time if it not present, but the idea in native sessions is that php-fpm adds cookies only if you have data in the session. If session empty it will not add anything. |
|
@Alex-Bond i don't check data in session. I see on session id, then send cookie if client session_id != server session_id. |
|
@grachevko technically its the same that i described earlier. The only better solution is to figure out how to check if there any data in session before sending cookies. |
|
@Alex-Bond session creates and generate id only on write data. If ids is different that session was writed. What edge case you want to fix? |
Your method required to inject listener to SF? I tried that way without injecting and after few requests system stops returning me session data. Russian: |
|
@Alex-Bond yes my listener is a part of sf and not related to rr directrly. Russian: |
У меня всегда генерится айди :( И самое крутое что в какой-то момент перестает отдавать данные из сессии вообще |
|
This is my version of the Symfony worker which handles sessions almost correctly: <?php
use Kernel\AppKernel;
use Spiral\Goridge\StreamRelay;
use Spiral\RoadRunner\PSR7Client;
use Spiral\RoadRunner\Worker;
use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use Symfony\Component\Debug\Debug;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Request;
require '../vendor/autoload.php';
require_once __DIR__ . '/load-env.php';
if ($debug) {
umask(0000);
Debug::enable();
}
if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? $_ENV['TRUSTED_PROXIES'] ?? false) {
Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
}
if ($trustedHosts = $_SERVER['TRUSTED_HOSTS'] ?? $_ENV['TRUSTED_HOSTS'] ?? false) {
Request::setTrustedHosts(explode(',', $trustedHosts));
}
$kernel = new AppKernel($env, $debug);
$relay = new StreamRelay(STDIN, STDOUT);
$psr7 = new PSR7Client(new Worker($relay));
$httpFoundationFactory = new HttpFoundationFactory();
$diactorosFactory = new DiactorosFactory();
while ($req = $psr7->acceptRequest()) {
try {
$request = $httpFoundationFactory->createRequest($req);
// Get the actual session ID from request.
$sessionId = (string)$request->cookies->get(session_name());
unset($_SESSION);
// Set new session id for PHP or forget previous request session id.
session_id($sessionId);
$response = $kernel->handle($request);
if (session_id() !== $sessionId) {
// Set session cookie if session id was changed
$response->headers->setCookie(
Cookie::create(
session_name(),
session_id()
)
);
}
$psr7->respond($diactorosFactory->createResponse($response));
$kernel->terminate($request, $response);
$kernel->reboot(null);
} catch (\Throwable $e) {
$psr7->getWorker()->error((string)$e);
}
}The only problem here is that the cookie output don't use cookie parameters like domain, path etc. |
|
Still this issue is there, also after php7.2 we are not allowed to change session_id like |
|
Not sure if it will help, but this is the way how we work with sessions under roadrunner: https://github.com/spiral/session/blob/master/src/Session.php It works with native sessions and operates on production for a couple of years so far (the handler is not file-based though). |
|
Hi, I wrote a symfony bundle that works with sessions: https://github.com/baldinof/roadrunner-bundle It also has a Flex recipe for easy installation. Hope it can help! |
|
...to chime in, I wrapped the magnificent bundle by @Baldinof in a Docker image: https://github.com/Radiergummi/roadrunner-symfony-skeleton May be helpful too :) |
rustatian
added
help-heeded-medium
|
I would appreciate if someone can add this information to https://github.com/spiral/roadrunner-docs/blob/master/integration/symfony.md I hope we can finally close this ticket! |
|
👍 I will write the PR. |
|
And the story is over. Let me know if this ticket should be reopened! |
Hi!
I have this code:
It's slighly modified Symfony code to handle env-variables :)
(Also, it's stunningly fast!!!!)
But I don't get any cookies returned, so I can see my logg inn is accepted, and I'm redirected to the dashboard, but there I get a permission denied and redirect to login (because no cookies have been set)...
Any tips on how to troubleshoot, or what might be wrong?
The text was updated successfully, but these errors were encountered: