问题
I'm implementing a web service as part of a Symfony2 site that will be accessed using JSONp and iframes from another (static) site. When a user logs in using an iFrame, Safari doesn't keep the session, so I store the session ID in the cookies of the static site using javascript, and pass it back in the GET or POST parameters of requests, which is working fine.
The problem is that on other browsers, the session cookie for the web service is being retained, which means that when the user logs out, they are in fact still logged in to the Symfony site.
Is there a way to, for the web service part of the symfony site only, disable PHP session cookies, preferably in a Symfony2 friendly way (as opposed to, for example, messing with .htaccess)?
I still want a session, but will maintain it by passing a PHPSESSID variable myself in all the requests I make.
回答1:
This might just be the thing you're looking for. Have stateless firewalls:
In your security.yml
# app/config/security.yml
security:
firewalls:
main:
stateless: true
来源:https://stackoverflow.com/questions/10353393/is-there-a-way-to-stop-symfony2-sending-session-cookies-for-certain-paths