symfony set the cookie_domain dynamically
Ok, i've figured this out.
It was not that difficult.
I created a custom sessionStorage, extending the default one and i did a simple override where the options were being dealt with: there i calculated my cookie_domain and passed it to the parent::function :
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;/** * DynamicDomainSessionStorage. * * @author Julien Devouassoud */class DynamicDomainSessionStorage extends NativeSessionStorage{ /** * setOptions. * * {@inheritDoc} */ public function setOptions(array $options) { if(isset($_SERVER['HTTP_HOST'])){ $domain = substr($_SERVER['HTTP_HOST'], strpos($_SERVER['HTTP_HOST'], '.')); $options["cookie_domain"] = $domain; } return parent::setOptions($options); }}
Don't forget:
• to declare your class as a service
• set this service as storage
• set the save_path otherwise cookie_domain seems not to work (breaks the session)
• i set a 'name' as well but i don't think it's essential
• code config.yml
:
#...framework: #... session: storage_id: v3d.session.storage.dynamic_domain save_path: %kernel.root_dir%/cache/var/sessions name: SFSESSIDservices v3d.session.storage.dynamic_domain: class: V3d\Bundle\ApplicationBundle\Services\DynamicDomainSessionStorage
I have a similar situation. It's a multi-tenant site with school districts and schools. Each district and school has its own URL as follows:
- school-1.district-1.example.com
- school-2.district-1.example.com
- school-1.district-2.example.com
I want users to be able to access all schools in one district with a single login. I therefore need the cookie to be at the district level.
This is my session storage service.
namespace AppBundle\Services;use Symfony\Component\HttpFoundation\RequestStack;use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;class MySessionStorage extends NativeSessionStorage{ public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null, RequestStack $requestStack) { $host = $requestStack->getMasterRequest()->getHost(); $options['cookie_domain'] = substr($host, strpos($host, '.') + 1); parent::__construct($options, $handler, $metaBag); }}
In services.yml
mySessionStorage: class: AppBundle\Services\MySessionStorage arguments: [%session.storage.options%, @session.handler, @session.storage.metadata_bag, @request_stack]
In config.yml under framework:
session: handler_id: session.handler.native_file storage_id: mySessionStorage
Note that handler_id is null (~) by default in a standard Symfony installation. It needs to be set to something for the service to receive a non-null @session.handler.
That does it for the session cookie but the other one I needed to change is the remember_me cookie. You can set the domain to a constant in config.yml but I need it to depend on host. Maybe I'm missing something but I couldn't see a way to do it dynamically within the security system. RememberMeFactory is directly instantiated, not via configuration. My solution is to listen for kernel.response and replace the cookie before it is sent.
namespace AppBundle\Listeners;use Symfony\Component\HttpFoundation\Cookie;use Symfony\Component\HttpFoundation\RequestStack;use Symfony\Component\HttpKernel\Event\FilterResponseEvent;class CookieFix{ private $requestStack; public function __construct(RequestStack $requestStack) { $this->requestStack = $requestStack; } public function onKernelResponse(FilterResponseEvent $event) { $response = $event->getResponse(); $cookies = $response->headers->getCookies(); $rMe = null; foreach($cookies as $cookie) { /** @var \Symfony\Component\HttpFoundation\Cookie $cookie */ if ($cookie->getName() == 'REMEMBERME') { $rMe = $cookie; break; } } if ($rMe !== null) { $host = $this->requestStack->getMasterRequest()->getHost(); $newDomain = substr($host, strpos($host, '.') + 1); $response->headers->removeCookie($rMe->getName()); $response->headers->setCookie(new Cookie($rMe->getName(), $rMe->getValue(), $rMe->getExpiresTime(), $rMe->getPath(), $newDomain)); } }}
I should probably try to get the cookie name from the config.
In services.yml
cookieFix: class: AppBundle\Listeners\CookieFix arguments: [@request_stack] tags: - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse, priority: -100 }
The -100 priority ensures that it runs after the listener that creates the cookie.