-
-
Notifications
You must be signed in to change notification settings - Fork 609
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Session was used while the request was declared stateless #1219
Comments
The related
|
You should check in your project if you try to read the session somewhere |
Related to #1143 |
Thank you for your reply. I hadn't seen this issue but I understood the same thing. |
But yes, I can close this issue. If you call a custom listener that uses
So, you have two options :
|
On my side, I ended by hacking Symfony code to add the path in the log message so I can easily find what was triggering them. And I found another bug in Symfony on logout that can trigger that session error, the PR is still under review here: |
I have a problem with
Symfony 7.0.6
andLexikJWTAuthenticationBundle 2.20.3
.Introduction
My application is divided into 3 parts (/bundles) :
I use
LexikJWTAuthenticationBundle
for the API authentication.Issue
I have a custom provider to authenticate API users.
When I try to access a public route in my API (for example
/api/login
), I don't get any error and the API returns a JWT token. If I try to access a private route in my API (a route that needs authentication) with an invalid JWT Token, I get this response :Finally, when I try to access a private route in my API with a valid JWT Token, I get this error :
Some issues on StackOverflow or here mention that this problem comes from calling
getUser()
from theRequest
when the firewall isstateless
.The stack trace doesn't mention any custom
Listener
where I callgetUser()
, but if I put add(...)
, my app stops on one of them (it's not important but I don't understand it either).The catched exception is
UnexpectedSessionUsageException
who is throw invendor/symfony/http-kernel/EventListener/AbstractSessionListener.php:224
:I don't get that point... What is the relation between calling
getUser()
from theRequest
and thedebug
environment value ?If I change my
.env
file to setAPP_DEBUG=false
, I no longer have the error.Could this have anything to do with the
Symfony Profiler
?Files
Below, my
security.yaml
:Below, my
UserProvider
:The text was updated successfully, but these errors were encountered: