FOSUserBundle: Not setting authenticated user to session?

Created on 5 Jul 2012 · 10 Comments · Source: FriendsOfSymfony/FOSUserBundle

I have a very basic Symfony2.1 setup with FOSUserBundle installed.

When registering all is well and I am redirected to my target path and the debug bar shows that I am authenticated as myself.

When logging in, however, submitting the form with bad creds is reflected as such, but if I log in with the correct creds I get redirected to my target path while still anonymous, so authentication is successful but not persisted in the session.

Am I missing something? I have followed the basic configuration pretty much exactly with little customisation. Unsure how to go about debugging this (experience with Symfony1, new to Symfony2).

FOSUserBundle's InteractiveLoginListener::onSecurityInteractiveLogin fires and correctly updates the user with the last login date; I'm not sure at what point this would be bound to security.context, if at all, nor where to look.

Am I meant to register my own listener or is something not working? Searching the entire bundle for security.context seems to lead to this only being set for registration and resetting?

All 10 comments

please paste your security config

Note I'm trying to get FOSUser + Sonata all working at once, but I think the problem lies here?

I've tried a few relatively default configurations, this is what I came up with from following both sets of documentation:

security:
    acl:
        connection: default

    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        # SONATA:
        #     - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented

    firewalls:
        # -> custom firewall for the admin area of the URL
        admin:
            switch_user:        true
            context:            user
            pattern:            /admin(.*)
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /admin/dashboard
                target_path_parameter:          _target_path
                use_referer:                    false

                failure_path:   null
            logout:
                path:           /admin/logout
                target:         /admin/login
            anonymous:    true
        # -> end custom configuration

        # default login area for standard users
        main:
            switch_user:        true
            context:            user
            pattern:            .*
            form_login:
                provider:       fos_userbundle

                # the user is redirected here when he/she needs to login
                login_path:                     /login

                # if true, forward the user to the login form instead of redirecting
                use_forward:                    false

                # submit the login form here
                check_path:                     /login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /
                target_path_parameter:          _target_path
                use_referer:                    false

                # login failure redirecting options (read further below)
                failure_path:                   null
                failure_forward:                false

                # csrf token options
                csrf_parameter:                 _csrf_token
                intention:                      authenticate

            logout:             true
            anonymous:          true
        # -> end default configuration


    access_control:
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # -> custom access control for the admin area of the URL
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }  # must match check_path above
        # -> end

        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

jms_security_extra:
    secure_all_services: false
    expressions: true

Not sure whether ACL is contributing to the problem, or whether I even need it; I just need users and admin users, no complex roles. Disabling ACL gives an error atm, however.

Checking through my log I found this:

[2012-07-05 15:12:50] security.INFO: User "steve" has been authenticated successfully [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "security.interactive_login" to listener "FOS\UserBundle\Security\InteractiveLoginListener::onSecurityInteractiveLogin". [] []
[2012-07-05 15:12:50] doctrine.DEBUG: UPDATE fos_user_user SET last_login = ?, updated_at = ? WHERE id = ? ([{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},1]) [] []
[2012-07-05 15:12:50] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2012-07-05 15:12:50] security.DEBUG: Write SecurityContext in the session [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\SecurityBundle\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2012-07-05 15:12:51] request.INFO: Matched route "sonata_admin_dashboard" (parameters: "_controller": "Sonata\AdminBundle\Controller\CoreController::dashboardAction", "_route": "sonata_admin_dashboard") [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2012-07-05 15:12:51] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2012-07-05 15:12:51] security.DEBUG: Access is denied (user is not fully authenticated) by "/var/www/motoratings/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2012-07-05 15:12:51] security.DEBUG: Calling Authentication entry point [] []
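The log excerpt above is the signature this whole thread is about: "authenticated successfully" and "Write SecurityContext in the session" on the login_check response, then "Populated SecurityContext with an anonymous Token" and an access-denied redirect on the very next request. The script below is an added example, not code from FOSUserBundle, Symfony or anyone in this thread; it runs that check over a Symfony dev.log and separates "token never written" from "token written but not read back", which is the distinction you need before suspecting cookies or the session handler. The healthy-case message "Read SecurityContext from the session" is assumed to be the ContextListener's wording; the sample log is constructed from the lines above plus a made-up login that persists.

```python
"""Find logins that succeed but are anonymous again on the next request (Symfony dev.log)."""
import re
from typing import Dict, List, Optional

# One dev.log line: "[timestamp] channel.LEVEL: message [] []"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<channel>[a-z_]+)\.(?P<level>[A-Z]+): (?P<msg>.*?)(?: \[\] \[\])?$"
)
AUTH_OK_RE = re.compile(r'^User "(?P<user>[^"]+)" has been authenticated successfully')
TOKEN_WRITTEN = "Write SecurityContext in the session"
TOKEN_READ = "Read SecurityContext from the session"  # assumed ContextListener wording (healthy case)
ANON_TOKEN = "Populated SecurityContext with an anonymous Token"
DENIED = "Access is denied (user is not fully authenticated)"

# Constructed sample: the first block mirrors the log posted above, the second block is a
# made-up login whose token is read back on the following request.
SAMPLE_LOG = """
[2012-07-05 15:12:50] security.INFO: User "steve" has been authenticated successfully [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "security.interactive_login" to listener "InteractiveLoginListener::onSecurityInteractiveLogin". [] []
[2012-07-05 15:12:50] security.DEBUG: Write SecurityContext in the session [] []
[2012-07-05 15:12:51] request.INFO: Matched route "sonata_admin_dashboard" (parameters: "_route": "sonata_admin_dashboard") [] []
[2012-07-05 15:12:51] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2012-07-05 15:12:51] security.DEBUG: Access is denied (user is not fully authenticated) by "AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2012-07-05 15:12:51] security.DEBUG: Calling Authentication entry point [] []
[2012-07-05 15:20:00] security.INFO: User "steve" has been authenticated successfully [] []
[2012-07-05 15:20:00] security.DEBUG: Write SecurityContext in the session [] []
[2012-07-05 15:20:01] security.DEBUG: Read SecurityContext from the session [] []
[2012-07-05 15:20:01] request.INFO: Matched route "sonata_admin_dashboard" (parameters: "_route": "sonata_admin_dashboard") [] []
""".strip().splitlines()


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into ts/channel/level/msg, or return None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_lost_logins(lines) -> List[Dict[str, object]]:
    """Return one finding per login that was followed by an anonymous token and an
    access-denied redirect before the session token was ever read back successfully."""
    findings: List[Dict[str, object]] = []
    pending: Optional[Dict[str, object]] = None  # latest login not yet confirmed or refuted
    for raw in lines:
        rec = parse_line(raw)
        if rec is None or rec["channel"] != "security":
            continue
        msg = rec["msg"]
        m = AUTH_OK_RE.match(msg)
        if m:
            pending = {"user": m.group("user"), "login_at": rec["ts"],
                       "token_written": False, "anon_at": None}
            continue
        if pending is None:
            continue
        if msg == TOKEN_WRITTEN:
            pending["token_written"] = True   # token serialised into the session on this response
        elif msg == TOKEN_READ:
            pending = None                    # next request got the token back: login persisted
        elif msg == ANON_TOKEN:
            pending["anon_at"] = rec["ts"]    # next request started from an empty session
        elif msg.startswith(DENIED) and pending["anon_at"] is not None:
            findings.append(pending)          # the symptom described in this thread
            pending = None
    return findings


def describe(finding: Dict[str, object]) -> str:
    """One-line diagnosis separating 'never written' from 'written but not read back'."""
    if not finding["token_written"]:
        cause = "token was never written to the session (stateless firewall or no session started?)"
    else:
        cause = ("token was written but the next request arrived with a different or empty session "
                 "(session cookie scope or session handler problem)")
    return (f'user "{finding["user"]}" logged in at {finding["login_at"]}, '
            f'anonymous again at {finding["anon_at"]}: {cause}')


if __name__ == "__main__":
    for f in find_lost_logins(SAMPLE_LOG):
        print(describe(f))
```

Run it against app/logs/dev.log after reproducing the login once; a finding with token_written set, as in the log above, points at the request side (cookies, session storage), not at the authentication provider.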

It turns out the answer was simply to clear my browser's cookies, for some reason I had 2 PHPSESSID cookies set.. no idea how that's even possible?

My assumption is that this was due to fiddling with this, and maybe because I had 2 firewalls which I later stripped down to 1?

It seemed that Symfony was cycling the PHPSESSID cookies, every page hit it was changing, so any authentication was on a session that wasn't persisted to the next, and thus gave me the described problem.

Is there a legitimate reason there'd be 2 cookies set?.. Surely it's not even possible to have 2 cookies of the same name set? I didn't investigate it properly before clearing them; I guess they must have had different paths or something?.. But yet they both seemed to be present on every request.

I started a simple application with Symfony 2.1 and implemented authentication without FOSUserBundle (just the authentication described on http://symfony.com/doc/current/book/security.html) and I have the same issue.

When logging in with the correct credentials, a second PHPSESSID cookie is created (I have therefore 2 cookies with the same name) and I'm redirected to the login page. My log is pretty much the same ("Access is denied (user is not fully authenticated)").
Of course I can clear the cookies and it works fine, but it can happen again later.

As far as I can see it only happens during development and probably won't ever happen in production unless you make significant changes to security/firewall rules. I've only had it once since and it was whilst I was messing with a few things.

I have the same problem. If I enable the default session handler (file) and disable session.handler.pdo the problem disappears.

I have added a relationship between fos_user and a new entity customer.

I have found other people with the same problem:
http://stackoverflow.com/questions/20516441/symfony2-security-token-context-lost-after-succesful-authentication-session-are
http://stackoverflow.com/questions/17477561/losing-authenticated-token-in-symfony

Just for reference / help, this error happened to me when I added translations to my route (but forgot to update the security routing regex).

2 years later... I had this problem as I had 2 cookie session variables, one on a subdomain (.subdomain1.domain.com) and one on the domain (.domain.com), leading to a conflict.
Problem solved a looong time ago then!
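Two of the replies above (the original poster's two PHPSESSID cookies, and the later report of one cookie on .domain.com and one on .subdomain1.domain.com) describe the same mechanism: a browser may hold two cookies with the same name as long as their Domain or Path scopes differ, and it sends both in one Cookie header, so the server sees two PHPSESSID pairs and which one it uses is up to its cookie parser. The script below is an added example, not code from the thread, FOSUserBundle or Symfony; it flags duplicate names in a request's Cookie header and, from the Set-Cookie headers that produced them, shows which scopes are in conflict. The header values are constructed for the demonstration, and the default-path handling is simplified (RFC 6265 derives the default path from the request URI; here it is just "/").

```python
"""Detect same-name cookies sent twice, and which Domain/Path scopes caused it."""
from typing import Dict, List, Set, Tuple

# Constructed sample headers: one session cookie for the parent domain, one for the subdomain.
REQUEST_HOST = "subdomain1.domain.com"
COOKIE_HEADER = "PHPSESSID=abc123; PHPSESSID=def456; locale=en"
SET_COOKIES = [
    "PHPSESSID=abc123; path=/; domain=.domain.com; HttpOnly",
    "PHPSESSID=def456; path=/; domain=.subdomain1.domain.com; HttpOnly",
    "locale=en; path=/",
]


def parse_cookie_header(header: str) -> List[Tuple[str, str]]:
    """Every name=value pair in a Cookie request header, in order, duplicates kept."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        pairs.append((name.strip(), value.strip() if sep else ""))
    return pairs


def duplicate_cookies(header: str) -> Dict[str, List[str]]:
    """Cookie names that appear more than once, mapped to all values the client sent."""
    seen: Dict[str, List[str]] = {}
    for name, value in parse_cookie_header(header):
        seen.setdefault(name, []).append(value)
    return {n: v for n, v in seen.items() if len(v) > 1}


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie header into (name, value, attributes); attribute keys are lower-cased."""
    first, *rest = header.split(";")
    name, _, value = first.partition("=")
    attrs: Dict[str, str] = {}
    for attr in rest:
        key, _, val = attr.strip().partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookie_scopes(set_cookie_headers: List[str], request_host: str) -> Dict[str, Set[Tuple[str, str]]]:
    """Map each cookie name to the (domain, path) scopes that set it.
    No Domain attribute means a host-only cookie for request_host; the leading dot is
    normalised away. No Path attribute is simplified to "/" (see lead-in)."""
    scopes: Dict[str, Set[Tuple[str, str]]] = {}
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        domain = attrs.get("domain", "").lstrip(".").lower() or request_host.lower()
        path = attrs.get("path") or "/"
        scopes.setdefault(name, set()).add((domain, path))
    return scopes


def conflicting_scopes(set_cookie_headers: List[str], request_host: str) -> Dict[str, List[Tuple[str, str]]]:
    """Cookie names that were set under more than one scope: these can coexist in the browser."""
    return {n: sorted(s) for n, s in cookie_scopes(set_cookie_headers, request_host).items() if len(s) > 1}


if __name__ == "__main__":
    for name, values in duplicate_cookies(COOKIE_HEADER).items():
        print(f"request carries {len(values)} cookies named {name}: {values}")
    for name, scopes in conflicting_scopes(SET_COOKIES, REQUEST_HOST).items():
        print(f"{name} was set under several scopes: {scopes}")
```

In a Symfony app the scope of the session cookie comes from framework.session.cookie_domain and cookie_path; if different environments or firewalls ever set them differently, the stale cookie from the other scope keeps being sent alongside the new one until it expires or is cleared.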

I had the same problem.

See pieces of my log (app/logs/dev.log):

...
[2014-12-09 13:10:09] security.INFO: User "admin" has been authenticated successfully [] []
...
[2014-12-09 13:10:09] security.DEBUG: Write SecurityContext in the session [] []
...
[2014-12-09 13:10:10] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2014-12-09 13:10:10] security.INFO: No expression found; abstaining from voting. [] []
[2014-12-09 13:10:10] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2014-12-09 13:10:10] security.DEBUG: Access is denied (user is not fully authenticated) by "/Users/leandro/Sites/projectname/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2014-12-09 13:10:10] security.DEBUG: Calling Authentication entry point [] []
...

My problem was with the session handler in app/config/config.yml; try this:

...
framework:
...
    session:
        handler_id: ~ 
...

If this works, you found the problem and can fix it.

http://stackoverflow.com/questions/23862128/symfony2-access-is-denied-user-is-not-fully-authenticated
