FriendsOfSymfony / FOSFacebookBundle

NOT MAINTAINED - see https://github.com/hwi/HWIOAuthBundle

"your session has timed out or you have disabled cookies" from iPhone #247

Open arthurquerou opened 11 years ago

arthurquerou commented 11 years ago

Hi,

We are trying to log in from an iPhone app using AFNetworking, and when we request the URL "https://ourdomain.com/login_check?access_token=" with the access token obtained from the iOS Facebook SDK, we get the error message "your session has timed out or you have disabled cookies". Though when we try to access in a desktop web browser, it works. Any idea why this is happening?

WishCow commented 11 years ago

This is caused by the AbstractAuthenticationListener in Symfony. It checks if you previously had a cookie before logging in (e.g. have you even visited the site yet?), and if you did not, it throws an error.

We had the same problem with our Android clients, and I had to manually disable the check in vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php, line 127.

There is already a PR merged into Symfony that will make this configurable: https://github.com/symfony/symfony/pull/4776

Codepadawan commented 10 years ago

As of Symfony 2.3, the issue can be avoided by setting require_previous_session: false in security.yml.

See:
http://symfony.com/doc/current/reference/configuration/security.html
http://stackoverflow.com/questions/9880943/symfony-authentication-cant-get-past-login-page-in-production/21725451#21725451
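
The setting named in the last comment, shown in place as an added example that is not part of the original thread or the bundle's documentation. The firewall name `mobile_api` and its pattern are hypothetical, and placing the option under the `fos_facebook` listener key assumes the bundle passes through Symfony's standard authentication-listener options.

```yaml
# security.yml (Symfony 2.3 or later)
security:
    firewalls:
        # Hypothetical firewall covering the endpoint the native app calls.
        mobile_api:
            pattern: ^/login_check
            fos_facebook:
                check_path: /login_check
                # Default is true: the listener rejects a login request that
                # arrives without a session cookie from an earlier visit and
                # returns the "session has timed out or you have disabled
                # cookies" error. A native client (AFNetworking, Android)
                # that goes straight to check_path has no such cookie.
                require_previous_session: false
```

Scoping the change to the firewall that serves the native clients leaves the previous-session check in force for the browser login flow.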