Answer the question
In order to leave comments, you need to log in
Symfony2 how best to implement your session mechanism?
As a developer of applications for social networks, I encountered the problem of initializing the session in an iframe in some browsers (for example, Safari, where there is no normal solution to the problem, and Safari users cannot be ignored).
It was decided to refuse session cookies and do otherwise.
Solution options
- pass session ID in GET parameters (you will have to substitute it in each form and URL)
- pass session ID in headers (you will also have to pass it with each request, but without additional parameters in the URL)
- implement your own mechanism (but the transfer remains the same GET or Headers, and affects other aspects of the Symfony framework2)
Are there any practices for solving such issues?
Answer the question
In order to leave comments, you need to log in
1) session ID in any case will have to be passed in each request, in headers, URIs or cookies - it doesn’t matter. The easiest way is in the URI, but it's also not secure ... probably ... if you regenerate often, then it can be normal.
2) What other aspects are actually affected? Put the processing of this case in onRequest and onResponse (http middleware) and do whatever you want with requests and responses. Your application won't even know anything. And you can somehow redefine the service for working with sessions.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question