有没有办法阻止 Symfony2 为某些路径发送会话 cookie? [英] Is there a way to stop Symfony2 sending session cookies for certain paths?
问题描述
我正在将 Web 服务作为 Symfony2 站点的一部分来实现,该站点将使用来自另一个(静态)站点的 JSONp 和 iframe 进行访问.当用户使用 iFrame 登录时,Safari 不会保留会话,因此我使用 javascript 将会话 ID 存储在静态站点的 cookie 中,并将其传递回请求的 GET 或 POST 参数中,这工作正常.
I'm implementing a web service as part of a Symfony2 site that will be accessed using JSONp and iframes from another (static) site. When a user logs in using an iFrame, Safari doesn't keep the session, so I store the session ID in the cookies of the static site using javascript, and pass it back in the GET or POST parameters of requests, which is working fine.
问题是在其他浏览器上,Web 服务的会话 cookie 被保留,这意味着当用户注销时,他们实际上仍然登录到 Symfony 站点.
The problem is that on other browsers, the session cookie for the web service is being retained, which means that when the user logs out, they are in fact still logged in to the Symfony site.
有没有办法,仅针对 symfony 站点的 Web 服务部分,禁用 PHP 会话 cookie,最好以 Symfony2 友好的方式(而不是,例如,弄乱 .htaccess)?
Is there a way to, for the web service part of the symfony site only, disable PHP session cookies, preferably in a Symfony2 friendly way (as opposed to, for example, messing with .htaccess)?
我仍然想要一个会话,但会通过在我发出的所有请求中自己传递一个 PHPSESSID 变量来维护它.
I still want a session, but will maintain it by passing a PHPSESSID variable myself in all the requests I make.
推荐答案
这可能正是您正在寻找的东西.有无状态防火墙:
This might just be the thing you're looking for. Have stateless firewalls:
在您的 security.yml 中
In your security.yml
# app/config/security.yml
security:
firewalls:
main:
stateless: true
这篇关于有没有办法阻止 Symfony2 为某些路径发送会话 cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
