prod 环境中的 Ajax 请求导致访问被拒绝(用户未完全通过身份验证) [英] Ajax request in prod environment causes Access is Denied (user in not fully authenticated)

问题描述

我使用的是 Symfony 2.3，但我的生产服务器出现问题.

I'm using Symfony 2.3 and I have a problem on my production server.

在生产环境中，所有 AJAX 请求都失败了(我不明白是什么机会)，这会发生(并非总是如此).在 prod.log 我有:

It happens (not always) that (I did not understand what opportunities) in the production environment all AJAX requests fail. In prod.log I have:

security.INFO: Populated SecurityContext with an anonymous Token [] []
[2013-08-08 16:03:28] security.INFO: No expression found; abstaining from voting. [] []
[2013-08-08 16:03:28] security.DEBUG: Access is denied (user is not fully authenticated)      by  "/var/www/clients/client1/web1/web/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 73; redirecting to authentication entry point

如果我在 prod 环境中刷新页面(在 ajax 错误之后)，什么也没有发生.我仍然登录.但 ajax 失败并出现相同的错误.如果我切换到 app_dev.php，错误就会消失并且 AJAX 可以工作.

If I am in prod environment and I refresh the page (after the ajax errors), nothing happens. I'm still logged in. But ajax fails with same errors. If I switch to app_dev.php the errors disappear and AJAX works.

(ajax 路由在 game/* 模式下)

(The ajax routes is under game/* pattern)

这是我的配置:

jms_security_extra:
secure_all_services: false
expressions: true

security:
    encoders:
        Gdr\UserBundle\Entity\User: sha512

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

providers:
    database:
        entity: { class: GdrUserBundle:User, property: email }

firewalls:
    secured_area:
        pattern:    ^/
        form_login:
            check_path: /login_check
            login_path: /login
            success_handler: authentication_handler
        logout:
            path:   /logout
            target: /
            success_handler: authentication_handler
            invalidate_session: true
        anonymous: ~

access_control:
    - { path: /game/*, roles: ROLE_USER }
    - { path: /login/choose-character, roles: ROLE_USER }
    - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY}
    - { path: /logout, roles: ROLE_USER }
    - { path: /admin/*, roles: ROLE_ADMIN }

######Config.yml
framework:
session:
    cookie_lifetime: 0
    save_path: "%kernel.root_dir%/Sessions/"
    cookie_httponly: false
   # save_path: ~

我使用 firebug 记录的每个 ajax 请求都会发送一个 302 标头以重定向到登录.如果我尝试在没有 AJAX 的情况下访问该 url，它会起作用.没有 302 码.

Every ajax request that I log with firebug send a 302 header to redirect to login. If I try to access without AJAX to the url, it works. No 302 code.

有什么想法吗?

推荐答案

我发现了问题.

问题是我使用的是带有www"的绝对网址，即 www.mydomain.com，但 cookie 主机没有www".

The issue was that I was using absolute urls with 'www' i.e. www.mydomain.com, but the cookie host was without 'www'.

现在使用相对网址就可以了.谢谢大家:)

Using relative urls now is all fine. Thanks all :)

最后我在这里找到了我的解决方案:Symfony, jQuery.ajax() 调用，会话变量丢失

I found here my solutions, at the end: Symfony, jQuery.ajax() call, session variables lost

这篇关于prod 环境中的 Ajax 请求导致访问被拒绝(用户未完全通过身份验证)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！