I have configured my web server in this way:
<VirtualHost *:80>
ServerName example.loc
ServerAlias www.example.loc
DocumentRoot /var/www/example/web
<Directory /var/www/example/web>
AllowOverride All
Order allow,deny
Allow from All
</Directory>
ErrorLog /var/log/apache2/project_error.log
CustomLog /var/log/apache2/project_access.log combined
The problem is that if I go to example.loc and I login and then I access www.example.log the session is not shared.
it is as if accedessi to a completely different site!
This is my configuration security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
switch_user: true
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: fos_user_security_login
check_path: fos_user_security_check
default_target_path: reserved_area_index
logout:
path: fos_user_security_logout
target: homepage
anonymous: true
access_control:
- { path: ^/[^/]+/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/[^/]+/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/[^/]+/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/[^/]+/reserved_area, role: IS_AUTHENTICATED_FULLY }
Why does this happen?
You have to set the cookie domain in config.yml:
framework:
session:
cookie_domain: .example.loc