Symfony 4 - User becomes null on callback from external API service


On Symfony 4, when catching a callback route from any external API service (in this case - Shopify API), my logged in user becomes anon.

  • (HTTP): Everything works when testing on localhost
  • (HTTPS): However, my logged in User becomes null / Anonymous when testing on my remote server (prod).

How do I fetch my logged in user after catching a callback route from any API service? I think it could be a problem with either HTTP vs HTTPS or some Symfony settings.


On Shopify API dashboard - Allowed redirection URL(s):

http://localhost:8000/shopify/callback
https://<myremoteip>.com/shopify/callback

Symfony Controller Route (for Shopify callback):

/**
 * @Route("/shopify/callback", name="shopify_callback")
 */
public function shopify_auth_callback(Request $request)
{
    dd($this->getUser());
}

Callback Result (localhost):

App\Entity\User {#977 ▼
   -id: 103
   -email: "[email protected]"
}

Callback Result (remote):

null

There are 2 answers

0
aivarastee On BEST ANSWER

The problem was that I was creating a new session before navigating to a remote URL.

Advice for future readers - make sure you're always on the same session, which you can fetch from the Request.

Avoid doing this:

$session = new Session();
0
King Julian On

I had the same issue, but with the Google OAuth system. I just changed the cookie samesite policy in the framework configuration from 'strict' to 'lax' and it solved my issue.

Now I can keep the user logged in after API redirection.

framework:
  session:
    enabled: true
    cookie_secure: 'auto'
    cookie_samesite: 'lax'
    cookie_lifetime: 86400
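
The SameSite behaviour behind the 'strict' to 'lax' change above, as an added example that is not part of the original answers: a simplified JavaScript model of the browser's decision to attach the session cookie to the callback request. The host names are constructed, and the "site" calculation (scheme plus last two host labels) is an assumption standing in for the Public Suffix List that real browsers use.

```javascript
// Simplified model of a browser's SameSite check (added example, not browser source).
// Assumption: "site" = scheme + last two host labels; browsers use the Public Suffix List.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// cookie:  { sameSite: 'strict' | 'lax' | 'none', secure: boolean }
// request: { initiator: URL of the page that triggered the request,
//            target:    URL being requested,
//            method:    HTTP method,
//            topLevel:  true for a full-page navigation, false for iframes/subresources }
function cookieIsSent(cookie, request) {
  // Same-site requests carry the cookie whatever the SameSite value is.
  if (siteOf(request.initiator) === siteOf(request.target)) return true;
  switch (cookie.sameSite) {
    case 'strict':
      return false; // never attached to a cross-site request
    case 'lax':
      // only top-level navigations that use a safe method
      return request.topLevel && SAFE_METHODS.has(request.method.toUpperCase());
    case 'none':
      return cookie.secure; // browsers reject SameSite=None without Secure
    default:
      throw new Error(`unknown SameSite value: ${cookie.sameSite}`);
  }
}

// Constructed request: the provider redirects the browser back to the app's callback route.
const oauthCallback = {
  initiator: 'https://accounts.provider.example/oauth/authorize',
  target: 'https://app.myshop.example/shopify/callback',
  method: 'GET',
  topLevel: true,
};

for (const sameSite of ['strict', 'lax', 'none']) {
  console.log(sameSite, cookieIsSent({ sameSite, secure: true }, oauthCallback));
}
```

'lax' only covers top-level navigations with a safe method, so a provider that returns to the callback with a cross-site POST still arrives without the session cookie.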