
I have a jQuery AJAX request:

    $.ajax({
        type: "POST",
        url: 'http://xbo.dev/ajax/login_ajax',
        dataType: 'json',
        data: {
            _username: $('#_username').val(),
            _password: $('#_password').val()
        }
    }).done(function (data) {
        console.log(data);
    });

And a PHP controller:

    public function loginAjaxAction() {
        $request = $this->get('request');

        $success = false;
        $responseCode = 300;
        $authorizedHostsDev = array('xbo.dev');

        if ($request->isMethod('POST') && ($request->isXmlHttpRequest() || in_array($request->headers->get('host'), $authorizedHostsDev))) {
            $user = $this->get('fos_user.user_manager')->findUserBy(array('username' => $request->request->get('_username')));

            if ($user) {
                $encoderManager = $this->get('security.encoder_factory');
                $encoder = $encoderManager->getEncoder($user);
                $encodedPass = $encoder->encodePassword($request->request->get('_password'), $user->getSalt());

                if ($user->getPassword() === $encodedPass) {

                    if ($user->getExpiresAt() < new \DateTime()) {
                        $responseCode = 500;
                    } else {
                        $this->userAuthentication($user);

                        $responseCode = 200;
                        $success = true;
                    }
                } else {
                    $responseCode = 400;
                }
            }

        }
        $return = json_encode(array('responseCode' => $responseCode, 'success' => $success));
        return new Response($return, 200, array('Content-Type'=>'application/json'));
    }

If I execute this AJAX request from xbo.dev, I have this result in the console.log(data):

    {"responseCode":200,"success":true}

After that, I'm redirected and I'm logged in.

If I execute this AJAX request from a subdomain like blog.xbo.dev, I have the same result in console.log(data) but, when the page refreshes, I'm not redirected (I stay on the connection page) and it seems that my login action is not made (I can still enter my ids to connect).

How can I change this behavior?

Thanks

EDIT: I just added one test, to know if I was connected in the moment, in the PHP controller. Indeed, even after the AJAX request from blog.xbo.dev, $responseCode is 1000. The test:

    if ($this->getUser()) {
        $responseCode = 1000;
    } else {
        $responseCode = 200;
        $success = true;
    }

EDIT 2: Here is the code of the userAuthentication method:

    private function userAuthentication(UserInterface $user) {
        $providerKey = 'main'; // firewall name
        $token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());

        $this->container->get('security.context')->setToken($token);
    }

  • what does the debug bar say at the bottom, are you logged in as the user? Commented Nov 23, 2015 at 10:23
  • With xbo.dev, yes, but with blog.xbo.dev, I'm still anonymous. Commented Nov 23, 2015 at 10:24
  • when you try to log in from blog.xbo.dev, you're not logged in on BOTH xbo.dev and blog.xbo.dev is that right? Commented Nov 23, 2015 at 10:38
  • Yes, that is right, but if I try to log in from xbo.dev, I'm logged in on both xbo.dev and blog.xbo.dev Commented Nov 23, 2015 at 10:41
  • @deeznutz : I just edited my question with one test. Commented Nov 23, 2015 at 10:51

1 Answer

Here is a solution I found.

I figured out that from my subdomain blog.xbo.dev, my PHP controller couldn't set the cookie for my authenticated user.

So, I just thought about it and decided to specially create a different route for my subdomain.

I specified the host parameter in my routing.yml.

So, I have one route called with host: blog.xbo.dev and the second one called with host: xbo.dev. Both of the 2 routes target the same PHP controller function (loginAjaxAction) and it works perfectly.

Hope this will help.
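
The two host-specific routes the answer describes could look like this in routing.yml. This is an added example, not the answerer's actual file: the route names and the `AcmeUserBundle:Security:loginAjax` controller reference are hypothetical, and the `methods` restriction is an addition that mirrors the controller's own POST check.

```yaml
# routing.yml (Symfony 2.2+ syntax; route names and bundle name are assumptions)

# Login endpoint served when the request's Host is the main domain.
login_ajax_main:
    path:     /ajax/login_ajax
    host:     xbo.dev
    defaults: { _controller: AcmeUserBundle:Security:loginAjax }
    methods:  [POST]

# Same path and same controller action, matched only for the blog subdomain.
login_ajax_blog:
    path:     /ajax/login_ajax
    host:     blog.xbo.dev
    defaults: { _controller: AcmeUserBundle:Security:loginAjax }
    methods:  [POST]
```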
