Error : Session was used while the request was declared stateless


When I try to connect with route api/login_check, I get this issue: Session was used while the request was declared stateless.

If I set stateless to false in the config it's OK. But I don't want this. I have to keep stateless set to true. Can someone help me?

security.yaml

    firewalls:
        login:
            pattern: ^/api/login
            stateless: true
            json_login:
                check_path: /api/login_check
                remember_me: true
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        refresh_token:
            pattern: ^/api/token/refresh
            stateless: true
            refresh_jwt:
                # The corresponding route has been declared by the recipe
                check_path: /api/token/refresh
        api:
            pattern: ^/api/
            stateless: true
            jwt: ~
            entry_point: jwt
            logout:
                path: api_token_invalidate

lexik_jwt_authentication.yaml

    lexik_jwt_authentication:
        secret_key: '%env(resolve:JWT_SECRET_KEY)%'
        public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
        pass_phrase: '%env(JWT_PASSPHRASE)%'
        user_identity_field: email
        token_extractors:
            authorization_header:
                enabled: true
                prefix: Bearer
                name: X-Authorization
        api_platform:
            check_path: /api/login_check
            username_path: email
            password_path: security.credentials.password

    when@dev:
        lexik_jwt_authentication:
            token_ttl: 31536000 #1 year, no security need to expire in dev

I want to query the JWT from the api/login_check route for my Jest API tests.


There are 3 best solutions below

0
mauriau On BEST ANSWER

I don't know if it's the right way, but I bypassed the stateless setting in the routes.yaml config and it works.

    api_login_check:
        path: /api/login_check
        stateless: false

0
gblock On

API requests should be stateless.

We had the same when upgrading to Symfony 6.3.

It turned out we used the session in two event listeners (onInteractiveLogin, onKernelRequest) to set the language etc.

Just add a check there to not use the session when the request is stateless:

    if ($request->attributes->getBoolean('_stateless')) {
        return;
    }
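
The guard from the answer above placed in both listeners it mentions, as an added example (not code from the answer or its project). The class name `LocaleSubscriber`, the `_locale` session key and the `getLocale()` user method are assumptions made for illustration.

```php
<?php
// Added example: hypothetical subscriber illustrating the `_stateless` guard.
namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Http\SecurityEvents;

final class LocaleSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        // Default priority 0: runs after the security firewall (priority 8).
        return [
            KernelEvents::REQUEST => 'onKernelRequest',
            SecurityEvents::INTERACTIVE_LOGIN => 'onInteractiveLogin',
        ];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        $request = $event->getRequest();
        // Stateless request (e.g. /api/login_check): never touch the session.
        if ($request->attributes->getBoolean('_stateless')) {
            return;
        }
        // Do not start a new session only to read a preference from it.
        if (!$request->hasPreviousSession()) {
            return;
        }
        if ($locale = $request->getSession()->get('_locale')) {
            $request->setLocale($locale);
        }
    }

    public function onInteractiveLogin(InteractiveLoginEvent $event): void
    {
        $request = $event->getRequest();
        if ($request->attributes->getBoolean('_stateless')) {
            return; // JWT login: nothing is stored server-side
        }
        $user = $event->getAuthenticationToken()->getUser();
        // getLocale() is a hypothetical method on the application's User class.
        if (null !== $user && method_exists($user, 'getLocale')) {
            $request->getSession()->set('_locale', $user->getLocale());
        }
    }
}
```
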
0
Mizanu Zelalem Degu On

In Symfony 6.3, I appended this to the api_platform.yaml file and it works fine.

    stateless: false