Lets said I have a Symfony2 app that shares two main bundles: OneBundle and TwoBundle. OneBundle acts as a backend for administration purposes and TwoBundle is a RESTful API for externals.
Flow for OneBundle is the know for everyone: admin login, do stuff and logout or leave app open or close directly the browser or any other way to close the app, in this case session should be destroyed or garbaged as defined in config.yml (24 hrs expire date for sessions).
Now TwoBundle has a different flow: user login against Salesforce and get a token, that token is pass back to API endpoint and I create a new session for store the token and some other info, user logout or close the client app or something else and that session should be alive for a week not for 24 hrs as the firstone does.
Can the same Symfony2 app share two different sessions meaning one session for OneBundle and second for TwoBundle? Does PHP allow that? How do you deal with this business rules? Can I store one session as default save handlers and the other one as PdoSessionHandler?
It can be done by setting two firewalls in the security.yml file. One for "OneBundle" and the other one for your "TwoBundle" you can different security handler if you want (FOSUser for the first, Native for the second) so symfony security is really flexible.
[edit]
You can look at these pages in the symfony configuration: