configuration

config/packages/framework.yaml

@@ -2,14 +2,22 @@
 framework:
     secret: '%env(APP_SECRET)%'
     #csrf_protection: true
+    http_method_override: false
     handle_all_throwables: true
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session:
-        handler_id: null
+        enabled: true
+        handler_id: 'session.handler.native_file'
         cookie_secure: auto
         cookie_samesite: lax
+        storage_factory_id: session.storage.factory.native
+        # Timeout für nicht aktive Sitzungen (in Sekunden)
+        gc_maxlifetime: 3600
+
+        # Dauer, für die der Cookie gesetzt wird (in Sekunden)
+        cookie_lifetime: 3600
 
     #esi: true
     #fragments: true

config/packages/security.yaml

@@ -13,18 +13,27 @@ security:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
-        api:
-            pattern: ^/api/
+        auth:
+            pattern: ^/api/auth
             stateless: true
-            provider: app_user_provider
-            jwt: ~
-        main:
             json_login:
-                check_path: /auth # The name in routes.yaml is enough for mapping
+                check_path: /api/auth
                 username_path: email
                 password_path: password
                 success_handler: lexik_jwt_authentication.handler.authentication_success
                 failure_handler: lexik_jwt_authentication.handler.authentication_failure
+        api:
+            pattern: ^/api/
+            stateless: true
+            provider: app_user_provider
+            jwt: ~
+        main:
+#            json_login:
+#                check_path: /auth # The name in routes.yaml is enough for mapping
+#                username_path: email
+#                password_path: password
+#                success_handler: lexik_jwt_authentication.handler.authentication_success
+#                failure_handler: lexik_jwt_authentication.handler.authentication_failure
 
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used