Session lost during impersonation

感情迁移 submitted on 2019-12-19 03:36:05

Question


I use SonataAdminBundle with configured sonata_user in config.yml:

sonata_user:
    impersonating:
        route:        _profile_logged
    # more config

I have my admin panel under the /admin prefix. I've configured UserAdmin (based on the User entity) with an impersonating field. I tried to impersonate a user by clicking the link in my admin panel, and I saw the application (not admin panel) login page.

I checked the developer toolbar and noticed that the request to impersonate the user was redirected to the login page. It's quite strange, because this request has mostly the same parameters as the previous one (for the user list in the admin panel). In particular, the Request Cookies section is identical.

I noticed one difference in the Request Headers: the first request (for the user list in the admin panel) sends cache-control max-age=0 but the second one (for impersonation) doesn't.

Obviously, I logged in to the admin panel as a user with full permissions (particularly ROLE_ALLOWED_TO_SWITCH).

So, how can I impersonate directly from the admin panel? What could be wrong in my app?


Answer 1:


Can you try using config.yml:

sonata_user:
    ...
    impersonating:
        route:                sonata_admin_dashboard

And in security.yml:

security:
    ...
    firewalls:
        ...
        admin:
            ...
            switch_user:        true

These work for me.




Answer 2:


I detected a problem:

4. Multiple firewalls don't share security context, from docs: http://symfony.com/doc/current/book/security.html#book-security-common-pitfalls

And found a solution:

Firewall Context, from docs: http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context

So, defining a firewall context is necessary if you have separate firewalls for the application and the admin panel.
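
The shared firewall context from Answer 2, written out as an added example (not part of the original question or answers). The firewall names, URL patterns, login paths, the context name shared_session and the ROLE_ADMIN role are assumptions; adapt them to your own security.yml.

```yaml
# security.yml (constructed illustration, Symfony 2.x syntax)
security:
    firewalls:
        # Admin panel: the impersonation link is clicked here.
        admin:
            pattern:     ^/admin
            # By default each firewall stores its token in the session under
            # _security_<firewall name>. Giving both firewalls the same
            # context makes them read and write the same session key.
            context:     shared_session
            anonymous:   ~
            form_login:
                login_path: /admin/login
                check_path: /admin/login_check
            switch_user: true

        # Application: serves the route the impersonation link points to.
        main:
            pattern:     ^/
            context:     shared_session   # must match the admin firewall
            anonymous:   ~
            form_login:
                login_path: /login
                check_path: /login_check
            # The firewall that receives the ?_switch_user=<username> request
            # needs the listener enabled, otherwise the parameter is ignored.
            switch_user: true

    # With a shared context, a token issued by one firewall is accepted by the
    # other, so access_control (not the firewall split) is what keeps
    # non-admin users out of /admin.
    access_control:
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin,       roles: ROLE_ADMIN }
```

Only users holding ROLE_ALLOWED_TO_SWITCH can trigger the switch, so grant that role to as few accounts as possible once the two firewalls share a context.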



Source: https://stackoverflow.com/questions/17987945/session-lost-during-impersonation
