The problem is that on other browsers, the session cookie for the web service is being retained, which means that when the user logs out, they are in fact still logged in to the Symfony site.
Is there a way to, for the web service part of the symfony site only, disable PHP session cookies, preferably in a Symfony2 friendly way (as opposed to, for example, messing with .htaccess)?
I still want a session, but will maintain it by passing a PHPSESSID variable myself in all the requests I make.
This might just be the thing you’re looking for. Have stateless firewalls:
In your security.yml
# app/config/security.yml security: firewalls: main: stateless: true