问题
I'm using a flash component in my symfony2 application which uploads multiple images, and when they reach the server I want to re-open the session so that I can store the image in a location relative to the logged in user. I am sending the PHP session ID with each file upload...
In vanilla PHP I can achieve this along the lines of...
session_id($originalSessionId);
session_start();
but is there a symfony2 way of doing this using the security context?
EDIT: This is a similar question, although I want to maybe create some kind of token based login by passing a token and securing the upload URL with a separate firewall.
回答1:
First, you need to create your own session storage class like the following:
<?php
namespace Elao\BackBundle\Session;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\SessionStorage\NativeSessionStorage;
class Storage extends NativeSessionStorage
{
public function __construct(array $options = array(), ContainerInterface $container)
{
$request = $container->get('request');
if ($request->query->has('sessionId')) {
$request->cookies->set(session_name(), 1); // We have to simulate this cookie, in order to bypass the "hasPreviousSession" security check
session_id($request->query->get('sessionId'));
}
return parent::__construct($options);
}
}
Then, you must redefine the default one (in your config.yml for example):
parameters:
session.storage.native.class: ElaoBackBundleSessionStorage
services:
session.storage.native:
class: %session.storage.native.class%
arguments: [%session.storage.options%, @service_container]
回答2:
I ran into the same issue when using SWFUpload to allow for multiple-file uploads. What I did was modified app[_dev].php:
if (array_key_exists(ini_get('session.name'), $_GET)) {
$_COOKIE[ini_get('session.name')] = $_GET[ini_get('session.name')];
}
In the view, I set the upload url to
{{ path('...') }}?{{ session.name }}={{ session.value }}
And in the controller calling this view,
return $this->render('...html.twig', array(
'session' => array(
'name' => ini_get('session.name'),
'value' => session_id(),
),
));
Hope this helps!
回答3:
As you probably know Symfony routes all requests to app or app_dev.php. I would add a rewrite rule for the upload page to a new php file, here if the session id is in the $_GET variables set it as a $_COOKIE then include app.php or app_dev.php.
You could also save the files, on success have the user send an ajax call to the server which than associates those files with the user.
Let me know if you figure out a solution that is less of a hack.
回答4:
Why do you want this? Session id should be the same when user uploads images and when he is redirected to the page, that process them. Symfony autostarts your session usually.
来源:https://stackoverflow.com/questions/8112151/how-to-correctly-reopen-a-session-using-symfony2