kayue / KayueWordpressBundle

A Symfony 2 bundle for providing WordPress repositories and authenticating users (login).

Sharing Session between symfony and wordpress #62

Closed Louis94 closed 9 years ago

Louis94 commented 9 years ago

It's not really an issue, as it is actually something I'm trying to understand. With this bundle I was able to log in to the Symfony secured area using the username/password from my WordPress installation. Here is my question: is it possible to share the login session between Symfony and WordPress using this bundle? What I mean is, can I log in on WordPress, go to the secured area of Symfony, and find myself already logged in?

kayue commented 9 years ago

@Louis94 This is possible, but a bit difficult to configure. And only tested with WordPress 3.

You have to configure the following in config.yml:

    # The following configuration is needed only when you use WordPress authentication.

    # Site URL must match *EXACTLY* with WordPress's setting. It can be found
    # on the Settings > General screen, in the field named "WordPress Address"
    site_url:       'http://localhost/wordpress'

    # Logged in key and salt. Can be found in the wp-config.php file.
    logged_in_key:  ':j$_=(:l@8Fku^U;MQ~#VOJXOZcVB_@u+t-NNYqmTH4na|)5Bhs1|tF1IA|>tz*E'
    logged_in_salt: ')A^CQ<R:1|^dK/Q;.QfP;U!=J=(_i6^s0f#2EIbGIgFN{,3U9H$q|o/sJfWF`NRM'

And then configure security.yml, see https://github.com/kayue/KayueWordpressBundle/blob/master/README.md#wordpress-authentication

Monolog will show why it failed to log in.
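
To show why `site_url`, `logged_in_key` and `logged_in_salt` have to match the WordPress installation exactly, here is an added example (not code from the bundle or from this thread) of the logged-in cookie check as WordPress 3.x core performs it. The function names and all keys, salts and user values are constructed for illustration, and it is an assumption that the bundle follows the same scheme.

```php
<?php
// Added illustration of the WordPress 3.x "logged in" cookie check; not the bundle's code.
// All keys, salts and user data below are constructed sample values.

function wpCookieName($siteUrl) {
    // WordPress derives the cookie suffix from md5(siteurl), so any
    // difference (trailing slash, http vs https) yields another cookie name.
    return 'wordpress_logged_in_' . md5($siteUrl);
}

function wpCookieHmac($username, $expiration, $userPassHash, $key, $salt) {
    // Four characters of the stored password hash tie the cookie to the current password.
    $passFrag = substr($userPassHash, 8, 4);
    // Per-user key: HMAC-MD5 keyed with LOGGED_IN_KEY . LOGGED_IN_SALT.
    $userKey = hash_hmac('md5', $username . $passFrag . '|' . $expiration, $key . $salt);
    return hash_hmac('md5', $username . '|' . $expiration, $userKey);
}

function validateWp3Cookie($value, $userPassHash, $key, $salt, $now) {
    $parts = explode('|', $value);
    if (count($parts) !== 3) {
        // WordPress 3 cookies are username|expiration|hmac.
        return 'malformed (not the 3-field WordPress 3 format)';
    }
    list($username, $expiration, $hmac) = $parts;
    if (!ctype_digit($expiration) || (int) $expiration < $now) {
        return 'expired';
    }
    $expected = wpCookieHmac($username, $expiration, $userPassHash, $key, $salt);
    // Constant-time comparison (PHP >= 5.6).
    return hash_equals($expected, $hmac) ? 'valid' : 'bad signature (key, salt or password differs)';
}

$key      = 'constructed-logged-in-key';
$salt     = 'constructed-logged-in-salt';
$passHash = '$P$BconstructedSampleHashValue000000'; // stands in for wp_users.user_pass
$now      = 1424873185;
$exp      = $now + 3600;
$cookie   = 'alice|' . $exp . '|' . wpCookieHmac('alice', $exp, $passHash, $key, $salt);

echo wpCookieName('http://localhost/wordpress'), "\n";
echo wpCookieName('http://localhost/wordpress/'), "\n";                      // trailing slash added
echo validateWp3Cookie($cookie, $passHash, $key, $salt, $now), "\n";         // matching secrets
echo validateWp3Cookie($cookie, $passHash, $key, 'wrong-salt', $now), "\n";  // salt mismatch
echo validateWp3Cookie($cookie, $passHash, $key, $salt, $exp + 1), "\n";     // past expiration
echo validateWp3Cookie($cookie . '|x', $passHash, $key, $salt, $now), "\n";  // extra field
```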

kayue commented 9 years ago

The source code is here: https://github.com/kayue/KayueWordpressBundle/blob/master/Security/Http/WordpressCookieService.php#L61-L90

A few common reasons why it failed:

Louis94 commented 9 years ago

Thank you very much for your answer! I was able to get it to work with WordPress 3! (It didn't work out with WordPress 4; I was just able to authenticate but not share the login session.)

I noticed that the logout doesn't work as I expected. From what I was able to see, it just redirects me to the login page, but the cookie session is still alive, and if I try to access the secured area directly, it lets me. (Also, I'm still logged in on WordPress.)

So, what I wanted to ask you is: is there a way to log out of WordPress by logging out in Symfony? (I noticed the WordpressCookieClearingLogoutHandler, so I guess that there should be a way, but I don't understand when it is called. By the way, I have set up everything on the Acme Demo Bundle, so no customized bundle.)

kayue commented 9 years ago

It should be called when you log out in Symfony. (If you log out in WordPress, it won't be reflected in Symfony, because Symfony relies on the session instead of the cookie.)

Can you check whether WordpressCookieClearingLogoutHandler is being called on logout? It is supposed to delete some cookies.

Louis94 commented 9 years ago

I don't think so. In the log I can see that it calls the logoutAction, then reads the SecurityContext from the session and reloads the user from the user provider. Following that is a query that probably selects the same user again, and it continues by saying that the username "luigi" was reloaded from the user provider.

Here is the log (part of it, of course):

    [2015-02-25 14:06:25] request.INFO: Matched route "_demo_logout" (parameters: "_controller": "Acme\DemoBundle\Controller\SecuredController::logoutAction", "_route": "_demo_logout") [] []
    [2015-02-25 14:06:25] security.DEBUG: Read SecurityContext from the session [] []
    [2015-02-25 14:06:25] security.DEBUG: Reloading user from user provider. [] []
    [2015-02-25 14:06:25] doctrine.DEBUG: SELECT t0.ID AS ID1, t0.user_login AS user_login2, t0.user_pass AS user_pass3, t0.user_nicename AS user_nicename4, t0.user_email AS user_email5, t0.user_url AS user_url6, t0.user_registered AS user_registered7, t0.user_activation_key AS user_activation_key8, t0.user_status AS user_status9, t0.display_name AS display_name10 FROM wp3_users t0 WHERE t0.ID = ? ["1"] []
    [2015-02-25 14:06:25] security.DEBUG: Username "luigi" was reloaded from user provider. [] []

Louis94 commented 9 years ago

I have just checked the case when you log out from WordPress, and it seems that it actually also logs you out from Symfony as well. Not sure if it is as you intended.

kayue commented 9 years ago

@Louis94 Oh, you are right. In the following line it will check for the WordPress cookie on every request. I forgot I did it already.

https://github.com/kayue/KayueWordpressBundle/blob/master/Security/Firewall/WordpressListener.php#L73

I am not sure why the logout handler isn't being triggered. I think you can try to debug the following files..

Louis94 commented 9 years ago

Fixed everything! It was something in my config file that I had wrongly configured (I configured cookie_domain to localhost instead of null). It now works perfectly! Thank you for your time!

kayue commented 9 years ago

:+1: