Alexey Anisimov, 2017-07-31 05:43:31

How to disable session creation when calling api methods in Symfony?

Good afternoon.
The Symfony 2.8 project has an admin panel (/admin route) and an API (/api route). JWT is used for the API.
Sessions must not be created when API methods are called (sessions should be created only for the admin panel).
There is also this problem:
1. I logged in to the admin panel as the admin
2. I called an API method without an authorization token (for example, /api/article/1)
3. The admin session crashes, and you need to re-enter the admin panel
Has anyone faced a similar task? How can I disable sessions for the API?

1 answer(s)
Alexander Kuznetsov, 2017-07-31
@DarkRaven

In general, all API methods must have their own security firewall, for example through the same JWT.
The LexikJWTAuthenticationBundle configuration shows this well.

security:

    # ***
    
    firewalls:
    # ***
        refresh:
            pattern:  ^/api/v1/token/refresh
            stateless: true
            anonymous: true
    # ***
        api:
            pattern:   ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

Also, the order of firewalls is important: my API goes above the main one.
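
The first-match rule behind the ordering remark above, as an added example that is not part of the original answer: Symfony hands a request to the first firewall whose pattern matches, so this sketch replays that rule over two constructed firewall orderings and reports API paths that would land on a session-backed firewall. The `main` firewall with pattern `^/`, the sample paths and the function names are assumptions made for illustration.

```python
import re

# Constructed firewall lists in declaration order, mirroring security.yml.
# "main" and its "^/" pattern are assumptions; "refresh" and "api" follow
# the configuration shown in the answer.
MAIN_FIRST = [
    {"name": "main", "pattern": "^/", "stateless": False},
    {"name": "api", "pattern": "^/api", "stateless": True},
]
API_FIRST = [
    {"name": "refresh", "pattern": "^/api/v1/token/refresh", "stateless": True},
    {"name": "api", "pattern": "^/api", "stateless": True},
    {"name": "main", "pattern": "^/", "stateless": False},
]

# Constructed sample request paths.
SAMPLE_PATHS = ["/admin", "/api/article/1", "/api/v1/token/refresh"]


def matching_firewall(firewalls, path):
    """Return the first firewall whose pattern matches the path."""
    for fw in firewalls:
        # A firewall without a pattern matches every request.
        if fw.get("pattern") is None or re.search(fw["pattern"], path):
            return fw
    return None


def audit(firewalls, paths, prefix="/api"):
    """List paths under `prefix` that are not handled by a stateless firewall."""
    findings = []
    for path in paths:
        if not path.startswith(prefix):
            continue
        fw = matching_firewall(firewalls, path)
        if fw is None:
            findings.append((path, None, "no firewall matches"))
        elif not fw.get("stateless", False):
            findings.append((path, fw["name"], "session-backed firewall"))
    return findings


if __name__ == "__main__":
    for label, config in (("main first", MAIN_FIRST), ("api first", API_FIRST)):
        print(label, audit(config, SAMPLE_PATHS) or "OK")
```

With `main` declared first, both API paths are reported as handled by `main`; with the API firewalls declared first, the audit returns no findings.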
