symfony set the cookie_domain dynamically symfony set the cookie_domain dynamically symfony symfony

symfony set the cookie_domain dynamically


Ok, i've figured this out.

It was not that difficult.

I created a custom sessionStorage, extending the default one and i did a simple override where the options were being dealt with: there i calculated my cookie_domain and passed it to the parent::function :

use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;/** * DynamicDomainSessionStorage. * * @author Julien Devouassoud */class DynamicDomainSessionStorage extends NativeSessionStorage{     /**     * setOptions.     *     * {@inheritDoc}     */    public function setOptions(array $options)    {           if(isset($_SERVER['HTTP_HOST'])){            $domain = substr($_SERVER['HTTP_HOST'], strpos($_SERVER['HTTP_HOST'], '.'));            $options["cookie_domain"] = $domain;        }         return parent::setOptions($options);    }}

Don't forget:

• to declare your class as a service

• set this service as storage

• set the save_path otherwise cookie_domain seems not to work (breaks the session)

• i set a 'name' as well but i don't think it's essential

• code config.yml :

#...framework:    #...    session:         storage_id: v3d.session.storage.dynamic_domain         save_path: %kernel.root_dir%/cache/var/sessions         name: SFSESSIDservices    v3d.session.storage.dynamic_domain:        class: V3d\Bundle\ApplicationBundle\Services\DynamicDomainSessionStorage


I have a similar situation. It's a multi-tenant site with school districts and schools. Each district and school has its own URL as follows:

  • school-1.district-1.example.com
  • school-2.district-1.example.com
  • school-1.district-2.example.com

I want users to be able to access all schools in one district with a single login. I therefore need the cookie to be at the district level.

This is my session storage service.

namespace AppBundle\Services;use Symfony\Component\HttpFoundation\RequestStack;use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;class MySessionStorage extends NativeSessionStorage{    public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null, RequestStack $requestStack)    {        $host = $requestStack->getMasterRequest()->getHost();        $options['cookie_domain'] = substr($host, strpos($host, '.') + 1);        parent::__construct($options, $handler, $metaBag);    }}

In services.yml

mySessionStorage:    class: AppBundle\Services\MySessionStorage    arguments: [%session.storage.options%, @session.handler, @session.storage.metadata_bag, @request_stack]

In config.yml under framework:

session:    handler_id: session.handler.native_file    storage_id: mySessionStorage

Note that handler_id is null (~) by default in a standard Symfony installation. It needs to be set to something for the service to receive a non-null @session.handler.

That does it for the session cookie but the other one I needed to change is the remember_me cookie. You can set the domain to a constant in config.yml but I need it to depend on host. Maybe I'm missing something but I couldn't see a way to do it dynamically within the security system. RememberMeFactory is directly instantiated, not via configuration. My solution is to listen for kernel.response and replace the cookie before it is sent.

namespace AppBundle\Listeners;use Symfony\Component\HttpFoundation\Cookie;use Symfony\Component\HttpFoundation\RequestStack;use Symfony\Component\HttpKernel\Event\FilterResponseEvent;class CookieFix{    private $requestStack;    public function __construct(RequestStack $requestStack)    {        $this->requestStack = $requestStack;    }    public function onKernelResponse(FilterResponseEvent $event)    {        $response = $event->getResponse();        $cookies = $response->headers->getCookies();        $rMe = null;        foreach($cookies as $cookie) {            /** @var \Symfony\Component\HttpFoundation\Cookie $cookie */            if ($cookie->getName() == 'REMEMBERME') {                $rMe = $cookie;                break;            }        }        if ($rMe !== null) {            $host = $this->requestStack->getMasterRequest()->getHost();            $newDomain = substr($host, strpos($host, '.') + 1);            $response->headers->removeCookie($rMe->getName());            $response->headers->setCookie(new Cookie($rMe->getName(), $rMe->getValue(), $rMe->getExpiresTime(), $rMe->getPath(), $newDomain));        }    }}

I should probably try to get the cookie name from the config.

In services.yml

cookieFix:    class: AppBundle\Listeners\CookieFix    arguments: [@request_stack]    tags:        - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse, priority: -100 }

The -100 priority ensures that it runs after the listener that creates the cookie.