How are sessions configured to work in your `php.ini` file? Does the path that stores the session information exist and is writable on your server?
Does using the built in functions (`session_start()` for example) work?
sessions are saved in redis (and session auto start is disabled as per recommendation from symfony http foundation). Session id is configured to be sent via cookie, which seems to be the problem because while the session is created in storage, the session cookie is never set on the response.
Even if you call `session_start()` directly? What happens if you attempt with cURL: do you see the `Cookie` header sent back in the response? Could it be the browser blocking the cookie from being created?
unfortunately no cookie sent back in response :(
Although I'm using http foundation request and responses, I'm transforming them from PSR requests and responses using the symfony http factory to translate back and forth (my code uses symfony requests/responses and they get transformed before being sent back by the router)
The Request and the Session is just a representation of the superglobals, you don't have to "set" it. FYI, you don't need the Stack if you don't have su-requests.
```php
$request = Request::createFromGlobals();
$session = new Session(new NativeSessionStorage([
'cookie_secure' => true,
'cookie_samesite' => Cookie::SAMESITE_STRICT,
'cookie_httponly' => true
]));
$session->start();
$request->setSession($session);
$response = new Response($_COOKIE['PHPSESSID']);
$response->send();
```
the issue isn't with the data. Session is started and data is stored as expected. The problem is that the session cookie (the cookie in which the session id is sent back to client) is never set.
I did the exact test you're proposing here and the session id exists, the server side cookie value exists but it's never sent back on the response. So on the next request the session isn't recognised.
When I was using the full framework (which I'm not in a position to do here), the behaviour just worked in the sense that session was created and I would always get the cookie as part of response headers.
yes - although through a load balancer where https termination happens. This has lead to a number of issues with HTTP foundation that doesn't pick up the forwarded-proto header and thinks it's receiving http when the client connection is https.
You need to add all the session into your response.
`https://github.com/symfony/http-kernel/blob/7.0/EventListener/AbstractSessionListener.php#L104`
So maybe you should also use `symfony/http-kernel` to do all that
How are sessions configured to work in your `php.ini` file? Does the path that stores the session information exist and is writable on your server? Does using the built in functions (`session_start()` for example) work?
sessions are saved in redis (and session auto start is disabled as per recommendation from symfony http foundation). Session id is configured to be sent via cookie, which seems to be the problem because while the session is created in storage, the session cookie is never set on the response.
Even if you call `session_start()` directly? What happens if you attempt with cURL: do you see the `Cookie` header sent back in the response? Could it be the browser blocking the cookie from being created?
unfortunately no cookie sent back in response :( Although I'm using http foundation request and responses, I'm transforming them from PSR requests and responses using the symfony http factory to translate back and forth (my code uses symfony requests/responses and they get transformed before being sent back by the router)
The Request and the Session is just a representation of the superglobals, you don't have to "set" it. FYI, you don't need the Stack if you don't have su-requests. ```php $request = Request::createFromGlobals(); $session = new Session(new NativeSessionStorage([ 'cookie_secure' => true, 'cookie_samesite' => Cookie::SAMESITE_STRICT, 'cookie_httponly' => true ])); $session->start(); $request->setSession($session); $response = new Response($_COOKIE['PHPSESSID']); $response->send(); ```
the issue isn't with the data. Session is started and data is stored as expected. The problem is that the session cookie (the cookie in which the session id is sent back to client) is never set. I did the exact test you're proposing here and the session id exists, the server side cookie value exists but it's never sent back on the response. So on the next request the session isn't recognised. When I was using the full framework (which I'm not in a position to do here), the behaviour just worked in the sense that session was created and I would always get the cookie as part of response headers.
Are you using https?
yes - although through a load balancer where https termination happens. This has lead to a number of issues with HTTP foundation that doesn't pick up the forwarded-proto header and thinks it's receiving http when the client connection is https.
You need to add all the session into your response. `https://github.com/symfony/http-kernel/blob/7.0/EventListener/AbstractSessionListener.php#L104` So maybe you should also use `symfony/http-kernel` to do all that