Important

You are browsing the documentation for version 4.2 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Security Support ends in January 2024. Read version 5.0 (the latest LTS version) of the Oro documentation to get the updated information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Configure Stateless Security Firewalls

Symfony supports stateless firewalls. With a stateless firewall, the security token is not serialized to the session.

However, when API calls are made in AJAX requests from the UI, the user’s token data from the current session must be used instead of the firewall credentials (e.g. WSSE headers). To enable this, set the context parameter of the firewall to the name of the context that the system can use to authenticate the user.

For example:

security:
    firewalls:
        some_stateless_firewall_with_AJAX_requests:
            stateless: true
            context:   main
            # ...