FriendsOfSymfony / FOSUserBundle

Provides user management for your Symfony project. Compatible with Doctrine ORM & ODM, and custom storages.
https://symfony.com/doc/master/bundles/FOSUserBundle/index.html
MIT License

User session is gone after redirect in onAuthenticationSuccess #2989

Closed andrzejdziekonski closed 4 years ago

andrzejdziekonski commented 4 years ago

Symfony FOSUserBundle versions:

friendsofsymfony/user-bundle  v2.1.2  Symfony FOSUserBundle
symfony/security-bundle       v4.4.11 Symfony SecurityBundle
symfony/security-core         v4.4.11 Symfony Security Component - Core Library
symfony/security-csrf         v5.1.3  Symfony Security Component - CSRF Library
symfony/security-guard        v4.4.11 Symfony Security Component - Guard
symfony/security-http         v4.4.11 Symfony Security Component - HTTP Integration

Description of the problem including expected versus actual behavior: After upgrading my application from 3.4 to 4.4, I got a login issue. During a successful authorization I can debug and correctly see all the user information from the session token in the onAuthenticationSuccess() function of my LoginSuccessHandler class, which is passed to fos_user via config. The function returns a RedirectResponse, and in the provided route the session token is gone and the user is anonymous, so in fact I log in successfully, then somehow invalidate my session and am back at the login page. Any tips on how I can track where I lose my session info? I tried both Redis session storage and local native_file with no success.

I can provide some logs from the profiler, but I am not sure which are relevant.

Here is my fos_user and security configuration:

framework:
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    serializer:
        enabled: true
    templating:
        engines: ['twig']
    default_locale:  "%locale%"
    trusted_hosts:   ~
    session:
        handler_id:  session.handler.native_file
        save_path:   "%kernel.root_dir%/../var/sessions/%kernel.environment%"
        cookie_lifetime: 31536000
        gc_maxlifetime: 31536000
        gc_probability: 1
        gc_divisor: 1
    fragments:       ~
    http_method_override: true
    assets:
        version: '%assets_version%'
        version_format: '%%s?v=%%s'
        packages:
            arrow_chat:
                version: ''
                version_format: ''
    translator: ~

security:
    firewalls:
        main:
            pattern: .*
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                success_handler: app.login_success_handler
                failure_handler: app.login_failure_handler
                require_previous_session: false
                always_use_default_target_path: true
                default_target_path: /
            switch_user: { role: ROLE_USER, parameter: _impersonate_user }
            logout_on_user_change: false
            logout:
                handlers: [app.logout_success_handler]
            anonymous:    true
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

adKabyle commented 4 years ago

Did you find the solution for this problem? I have the same!!

IrisExt commented 4 years ago

Did you find the solution?

andrzejdziekonski commented 4 years ago

Yes, I found the reason. My User class implemented Equatable, and my equalTo method did not work the same way it used to in the legacy version of PHP/Symfony. So when the function returned false here, I was immediately logged out. I refactored the method and it works perfectly.

From my research, similar behaviour is related to wrong serialization/deserialization, so you might check this area.
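As an added example (not code from the issue author, from FOSUserBundle or from Symfony), this is what a user entity with a working equality check looks like in the setup described in this thread: a Doctrine entity extending FOSUserBundle's BaseUser that implements Symfony's EquatableInterface. The namespace, class name and table name are assumptions. The comparison rule follows Symfony's documented behaviour: on every request the security ContextListener reloads the user through the user provider and compares it with the user object unserialized from the session; when a class implements EquatableInterface that comparison is whatever isEqualTo() returns, and a false result invalidates the token, which is exactly the "logged in, redirected, anonymous again" symptom above.

```php
<?php
// Added example for this issue thread; not code from FOSUserBundle or the reporter.
// Assumes Symfony 4.4 with friendsofsymfony/user-bundle 2.x and Doctrine ORM.
// Namespace, class name and table name are illustrative assumptions.
declare(strict_types=1);

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use FOS\UserBundle\Model\User as BaseUser;
use Symfony\Component\Security\Core\User\EquatableInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Entity
 * @ORM\Table(name="fos_user")
 */
class User extends BaseUser implements EquatableInterface
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * Invoked by the security layer on each request: $this is the copy that was
     * unserialized from the session, $user is the copy freshly reloaded by the
     * user provider. Returning false logs the user out on that request.
     *
     * Two rules keep this from invalidating every session after the first redirect:
     *  1. Never compare object identity ($this === $user): the two objects are
     *     always distinct instances.
     *  2. Only compare fields that survive the session round-trip. BaseUser's
     *     serialize() stores the identifying and credential fields (id, username,
     *     canonical username, email, password, salt, enabled) but not roles, so a
     *     roles comparison here would fail for a freshly unserialized user.
     */
    public function isEqualTo(UserInterface $user): bool
    {
        if (!$user instanceof self) {
            return false;
        }

        // Credentials changed since login: existing sessions must be invalidated.
        if ($this->getPassword() !== $user->getPassword()) {
            return false;
        }
        if ($this->getSalt() !== $user->getSalt()) {
            return false;
        }

        // Different account (canonical form is case-insensitive by design).
        if ($this->getUsernameCanonical() !== $user->getUsernameCanonical()) {
            return false;
        }

        // Account disabled after login: drop the session as well.
        if ($this->isEnabled() !== $user->isEnabled()) {
            return false;
        }

        return true;
    }
}
```

The point of the design is that isEqualTo() decides when an already-authenticated session stops being valid. Comparing credential fields (password, salt) and enabled state gives the useful security property that a password change or account deactivation kills existing sessions, while comparing anything that is not part of the serialized user, or the object instance itself, produces the silent logout seen in this issue. If the entity overrides serialize()/unserialize() itself, the set of fields compared here and the set of fields serialized must stay in sync.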