PreviewToolbarListener (TokenChecker) starts session - even if stateless Route/Firewall #6220
Comments
Can you elaborate on your use case? What did you do to end up having that error?
Where exactly is the session started? The TokenChecker does not start the session by itself either. Which scope did your route have?
I have my own firewall with a scope. The routes have the defined scope. Here you can see the stack trace as var_export (innermost frame first; each line gives the method being executed and the file:line it was called from, all paths relative to /Users/benjaminhummel/Documents/MAMPP/alpdesk-core/):

```text
#0  Symfony\Component\HttpKernel\EventListener\AbstractSessionListener->onSessionUsage()      vendor/symfony/http-foundation/Session/SessionBagProxy.php:66
#1  Symfony\Component\HttpFoundation\Session\SessionBagProxy->initialize()                   vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php:443
#2  Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->loadSession()     vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php:176
#3  Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start()           vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php:311
#4  Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->getBag()          vendor/symfony/http-foundation/Session/Session.php:222
#5  Symfony\Component\HttpFoundation\Session\Session->getBag()                               vendor/symfony/http-foundation/Session/Session.php:242
#6  Symfony\Component\HttpFoundation\Session\Session->getAttributeBag()                      vendor/symfony/http-foundation/Session/Session.php:64
#7  Symfony\Component\HttpFoundation\Session\Session->has()                                  vendor/contao/core-bundle/src/Security/Authentication/Token/TokenChecker.php:199
#8  Contao\CoreBundle\Security\Authentication\Token\TokenChecker->getTokenFromSession()      vendor/contao/core-bundle/src/Security/Authentication/Token/TokenChecker.php:155
#9  Contao\CoreBundle\Security\Authentication\Token\TokenChecker->getToken()                 vendor/contao/core-bundle/src/Security/Authentication/Token/TokenChecker.php:65
#10 Contao\CoreBundle\Security\Authentication\Token\TokenChecker->hasBackendUser()           vendor/contao/core-bundle/src/EventListener/PreviewToolbarListener.php:47
#11 Contao\CoreBundle\EventListener\PreviewToolbarListener->__invoke()                       vendor/symfony/event-dispatcher/Debug/WrappedListener.php:116
#12 Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke()                      vendor/symfony/event-dispatcher/EventDispatcher.php:220
#13 Symfony\Component\EventDispatcher\EventDispatcher->callListeners()                       vendor/symfony/event-dispatcher/EventDispatcher.php:56
#14 Symfony\Component\EventDispatcher\EventDispatcher->dispatch()                            vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:139
#15 Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch()             vendor/symfony/http-kernel/HttpKernel.php:199
#16 Symfony\Component\HttpKernel\HttpKernel->filterResponse()                                vendor/symfony/http-kernel/HttpKernel.php:187
#17 Symfony\Component\HttpKernel\HttpKernel->handleRaw()                                     vendor/symfony/http-kernel/HttpKernel.php:74
#18 Symfony\Component\HttpKernel\HttpKernel->handle()                                        vendor/symfony/http-kernel/Kernel.php:197
#19 Symfony\Component\HttpKernel\Kernel->handle()                                            public/index.php:44
```
Here is the request as var_export. There you can see that the route has the right scope...

[full Request var_export dump omitted]
It has to be said that the behavior only occurs if you are logged into the backend at the same time and, for example, use the API via a JS application in the same browser. |
Ah I see, it's the |
Not sure what you mean @Toflar. The TokenChecker is supposed to read the session. However, it also does a I'm not really sure we currently support a stateless firewall concept. I'm also not sure it would actually be needed for that use case, because if a user is logged in to the back end, a session cookie would already be present and the regular firewall should work as usual, as long as the API endpoint has |
The |
Exactly. that is the case here and I think if a request comes with a different scope then backend (here "alpdeskapi"), no session should be started anyway. I agree with @Toflar that the scope should also be checked. |
If there is a session from the back end login, then there is a session – and none would be newly started? |
Reading the initial topic again… I think it is incorrect to use a stateless firewall for this case then, since you MUST access the session to check the back end user. A stateless firewall only makes sense for a non-browser-API (because of no session cookies) imho. |
But they are not checking the back end user. |
This is exactly the use case here, but the API is also served by a JS JPA. I think that should be allowed too! Due to the separate scope of request, it does not go to the Contao backend and does not check the backend user either. |
@aschempp here is a minimal reproduction for the // src/ContaoManager/Plugin.php
namespace App\ContaoManager;
use Contao\ManagerPlugin\Config\ContainerBuilder;
use Contao\ManagerPlugin\Config\ExtensionPluginInterface;
use Symfony\Component\Security\Core\User\InMemoryUser;
class Plugin implements ExtensionPluginInterface
{
public function getExtensionConfig($extensionName, array $extensionConfigs, ContainerBuilder $container)
{
if ('security' !== $extensionName) {
return $extensionConfigs;
}
foreach ($extensionConfigs as &$extensionConfig) {
if (!isset($extensionConfig['firewalls'])) {
continue;
}
$extensionConfig['providers']['foobar_user_provider'] = [
'memory' => [
'users' => [
'foobar' => ['password' => '$2y$13$WIRT.J5YD5Qor5l4QhTSoulA9J.a7Gek1oXBp2htkxg440ABmayay', 'roles' => 'ROLE_USER'],
],
],
];
$extensionConfig['firewalls'] = [
'foobar' => [
'pattern' => '^/foobar',
'http_basic' => ['realm' => 'Foobar'],
'provider' => 'foobar_user_provider',
'stateless' => true,
]
] + $extensionConfig['firewalls'];
$extensionConfig['access_control'] = [['path' => '^/foobar', 'roles' => 'ROLE_USER']] + $extensionConfig['access_control'];
$extensionConfig['password_hashers'][InMemoryUser::class] = 'auto';
break;
}
return $extensionConfigs;
}
} // src/Controller/FoobarController.php
namespace App\Controller;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
#[Route('/foobar')]
class FoobarController
{
public function __invoke(): Response
{
return new Response('Hello World!');
}
}
Note that this is a completely separate firewall for a completely separate controller, independent from Contao itself. But the error described in this issue will still occur, if you first log into the Contao front or back end and then access the |
I understand why the problem happens. Your browser has a session cookie from the back end login, that's why @xprojects-de if I understand correctly, your SPA is a tool for front end editing of Contao content? How do I authenticate in that application (how do you get the stateless firewall token)? |
@aschempp thanks for the reply.
That's true, but it has nothing to do with frontend editing. My use case is as follows:
The authentication runs via its own Authguard with its own administration in the database. The Contao backend user is not used.
But the session was created for an entirely different firewall.
I see, sorry @xprojects-de I was confused with another GitHub issue then 😅
Obviously, but that does not really matter. There's a session cookie, so there's a previous session 😂 So maybe we need to check for the
But from a different firewall. The point is that the
Seems reasonable. Or should the
Maybe related to this: symfony/symfony#51319
Related discussions: symfony/symfony#50715, symfony/symfony#48044 (comment)
There is already an issue in Symfony about this: symfony/symfony#50715 @xprojects-de you can bypass this in your own routes by setting the route flag symfony/symfony#48044 (comment) or downgrade to Symfony 6.2 in the meantime.
For reference, here is the stack trace again:
And the session is started via our
Description
-----------

Fixes contao/contao#6220

Commits
-------

f11760d3 Check preview script before firewall

Description
-----------

In Symfony 5.3 this config was added to the default security config in order to enable the `auto` password hasher for all user classes that implement this interface (see symfony/recipes#981) - which `Contao\User` also implements. I think we should do the same in the `contao/managed-edition`. This way you don't have to define this yourself in case you are using HTTP Basic Authentication for some controller outside Contao's own firewalls. For instance, in [this example](#6220 (comment)) the line

```php
$extensionConfig['password_hashers'][InMemoryUser::class] = 'auto';
```

could be omitted then.

Commits
-------

84c6d47 set auto password hasher to auto for all
ab0a671 also set password hasher for Contao\User specifically
593d244 update README and test config
Thanks to all!
Affected version(s)
5.x
Description
Since Symfony 6.3 an error is thrown when starting a session in stateless routes.
see: https://github.com/symfony/symfony/blob/431d32156c814fdc255be46445032ca612e908dc/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L213
Since Symfony 6.3, routes are automatically defined as stateless if stateless is also defined in the firewall.
see: https://symfony.com/doc/current/reference/configuration/security.html#stateless
So if a valid backend session is active and you define a route or a firewall with, e.g., its own scope, define it as stateless and dispatch an event in the controller, an error occurs because the PreviewListener starts a session.
EDIT:
You can recreate this by doing a debug_backtrace in onSessionUsage() in debug mode in Symfony\Component\HttpKernel\EventListener\AbstractSessionListener, defining the route as stateless and dispatching an event in your controller.
This happens when you are logged into the Contao backend and use an API endpoint with a stateless route via a JS application under the same domain.
Actually it's not the PreviewToolbarListener itself but the token checker in the method hasBackendUser().
see: contao/core-bundle/src/EventListener/PreviewToolbarListener.php, line 47 in e0c479f
So what do you think? Should the PreviewToolbarListener take into account whether routes are stateless? Otherwise it will be difficult to build stateless API endpoints...
Thanks and Greetings
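The guard the thread converges on (do not consult the session-backed backend-user check on a stateless request, nor when no session cookie came with the request), shown as an added example that is not Contao's own PreviewToolbarListener; the `BackendUserCheckerInterface` and the listener class name are assumptions standing in for Contao's TokenChecker.

```php
<?php
// Added example (not project code): a kernel.response listener that only asks
// for a backend user when doing so cannot start a session on a stateless route.
declare(strict_types=1);

namespace App\EventListener;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;

// Hypothetical stand-in for Contao's TokenChecker::hasBackendUser().
interface BackendUserCheckerInterface
{
    public function hasBackendUser(): bool;
}

final class SessionSafePreviewToolbarListener
{
    public function __construct(private readonly BackendUserCheckerInterface $checker)
    {
    }

    /** Is it safe to look for a backend user on this request without starting a session? */
    public static function mayUseSession(Request $request): bool
    {
        // Symfony 6.3+ sets "_stateless" from the firewall's "stateless" option;
        // using the session here throws UnexpectedSessionUsageException in debug mode.
        if ($request->attributes->getBoolean('_stateless')) {
            return false;
        }

        // Without a session cookie from an earlier request there cannot be a logged-in
        // backend user, so do not create a brand-new session just to find that out.
        return $request->hasPreviousSession();
    }

    public function __invoke(ResponseEvent $event): void
    {
        if (HttpKernelInterface::MAIN_REQUEST !== $event->getRequestType()
            || !self::mayUseSession($event->getRequest())
            || !$this->checker->hasBackendUser()) {
            return;
        }

        // Inject the preview toolbar into $event->getResponse() here (omitted).
    }
}
```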