Symfony 2.1 Security Cross Subdomain

Question

Running Symfony 2.1 on an application and we have different sandboxes of the code. Eg.

• aequasi.someurl.com
• dev.someurl.com
• hotcarl.someurl.com

I cant seem to figure out why, but when im logged into aequasi, and i go to hotcarl, i need to log in again. When i do, it logs me out of aequasi.

All sandboxes are using the same database for auth

i have this in my config.yml:

framework:
    session:
        cookie_domain: .someurl.com
        domain:        .someurl.com

ive got the php.ini set up to use the same url too

also, the session_id's are the same

Answer 1

Use a database, or memory as the Session storage. This allows you to share session data across three different symfony applications (each with their own sandbox). This will remove the inconsistencies between application caches and allow you to use a *.domain.com type cookie.

Symfony2 provides several drivers for alternative session storage.

http://symfony.com/doc/current/components/http_foundation/session_configuration.html#custom-save-handlers