Let me give you a script. I have an AJAX call that calls / auth - this page, in turn, checks to see if the user is verified and sets a couple of session variables (code below).
$session = $this->getRequest()->getSession(); $session->set('fbid', $fbid); $session->set('name', $name);
Now, if I go to another page and try to access this session, it returns empty.
If I install these sessions on a regular page (not one of them is accessible via XMLHttpRequest / AJAX), it works fine.
Here are my session settings in config.yml :
session: cookie_lifetime: 3600 cookie_httponly: false
I thought the problem could be httponly , but it didnβt.
Any suggestions? Did I miss something?
* UPDATE *
Here are the security / firewall settings:
firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false login: pattern: ^/demo/secured/login$ security: false secured_area: pattern: ^/demo/secured/ form_login: check_path: /demo/secured/login_check login_path: /demo/secured/login logout: path: /demo/secured/logout target: /demo/
I did not change the firewall settings at all, and from what I can say, it should not affect the /auth call through XMLHttpRequest.
* Update 2 *
I ended up adding $session->shutdown() after two sets (and yes, I know that shutdown is not a Session object method). The result was an error message, but because of this, it started working, and it actually saved it in $ _SESSION. So, if this error made it save up to $ _SESSION, there must be an actual method that forces saving. Really strange ..