Resources Web Development

How to view Symfony 5+ FosJsRoutingBundle routes

I can never remember this command. However, now that I am creating more AJAX and exposing endpoints I need this command more often.

This command is found in the docs too. But I can never remember where, so I will write about it here.
The command to view how FosJsRoutingBundle views your routes.

php bin/console fos:js-routing:debug

This will list something like this for you.

 Name                  | Method | Scheme | Host | Path                   |
| menu                  | GET    | ANY    | ANY  | /menu                  |
| alias_exists          | ANY    | ANY    | ANY  | /alias_exists          |
| email_exists          | ANY    | ANY    | ANY  | /email_exists          |
| get_image_collections | GET    | ANY    | ANY  | /get_image_collections |
| save_user_image       | POST   | ANY    | ANY  | /save_user_image       |
| get_user_image_data   | GET    | ANY    | ANY  | /get_user_image_data   |

Isn’t that pretty.This is not dynamically updated. You need to re-output your routes to the file FosJSRoutingBundle expects them to be in, so that when it creates a route it matches. I need to write an article about how to do only that. For now scroll to the bottom of the following article. How to get URL Routes in your Javascript in Symfony 5+

But if you don’t update your routes they won’t match the above output and your routes will fail when you use FosJS. Mine seemed to just redirect to my current page. Your setup/configs may differ.

Resources Web Development

How to view Symfony routes

I often need to view my current routes and how the Symfony kernel views them. This usually happens when I am adding new routes, I end up getting conflicts and have to resolve them by viewing what exists etc.

The command to view your routes is really simple. Open your console and navigate to your projects main directory and type the following command to see a list of all of your current Controllers routes.

php bin/console debug:router

That will output a list of all of your routes. Something like this

user_settings                 GET        ANY      ANY    /user-settings                       
  profile_unavailable           GET        ANY      ANY    /profile-unavailable{page_data}      
  save_user_settings            POST       ANY      ANY    /save-user-settings                  
  _preview_error                ANY        ANY      ANY    /_error/{code}.{_format}             
  _wdt                          ANY        ANY      ANY    /_wdt/{token}                        
  _profiler_home                ANY        ANY      ANY    /_profiler/                          
  _profiler_search              ANY        ANY      ANY    /_profiler/search                    
  _profiler_search_bar          ANY        ANY      ANY    /_profiler/search_bar                
  _profiler_phpinfo             ANY        ANY      ANY    /_profiler/phpinfo                   
  _profiler_search_results      ANY        ANY      ANY    /_profiler/{token}/search/results    
  _profiler_open_file           ANY        ANY      ANY    /_profiler/open                      
  _profiler                     ANY        ANY      ANY    /_profiler/{token}                   
  _profiler_router              ANY        ANY      ANY    /_profiler/{token}/router            
  _profiler_exception           ANY        ANY      ANY    /_profiler/{token}/exception         
  _profiler_exception_css       ANY        ANY      ANY    /_profiler/{token}/exception.css     
  show_dash                     ANY        ANY      ANY    /admin                               
  tos                           GET        ANY      ANY    /app/pages/tos                       
  privacy                       GET        ANY      ANY    /app/pages/privacy                   
  block_user                    POST       ANY      ANY    /block-user                          
  unblock_user                  POST       ANY      ANY    /unblock-user                        
  blocked_users                 GET        ANY      ANY    /blocked-users                       

As you can see there are 5 columns. The first column is the routes name, tos for example. Here is how tos is declared in the Controller

* @Route("/app/pages/tos", name="tos", methods={"GET"})

The second column is what type of HTTP request is allowed POST, GET, HEAD etc. The next two columns are the Scheme and Host, dig in the docs under routing, I believe, if you want more info on those two. The final fifth column is the Path, this is what your URL should look like.

Resources Web Development

Fonts and icons resource list

Everything you need to know about web fonts – awesome article that explains what fonts are, how they work on the web and the history of how things have changed.

Google Fonts getting started page – Use some fonts for free from google fonts. Google now has icons too.

Resources Web Development

CSS links and resources

Setting Height And Width On Images Is Important Again – great article explaining how browsers operate on images with CSS and HTML sizing.

Cumulative layout shifts – this is when the content on your page shifts due to images, video or other content loading in the page.

Resources Web Development

How does login and authentication work in Symfony 5.*

This is basically just my notes at this time and what I have found. I’ll keep adding to it over time. I can never, ever for the life of me remember how this complicated BS works.

To learn that see the links section. Here is an excellent article about the files involved, the process etc.

If you are wanting to know the overview of how the Syfmony Authentication system works it is actually under Security here.

How it works overview.

This is only what I have found. I don’t know 100% how it works at this time.

First off a list of files involved in the login process. These are from running the standard Makers.

  1. The login form obviously app/templates/security/login.html.twig
  2. A security controller app/src/Controller/SecurityController.php
  3. A user Provider (freeking words) aka the User entity class app/src/Entity/User.php
  4. An Authenticator app/src/Security/LoginFormAuthenticator.php

When a user tries to login Symfony first calls LoginFormAuthenticator.php to check to see if the user is logged in/authenticated so the work is not done in the controller like most other actions.

To change, add, remove anything from the authentication process you make changes in the LoginFormAuthenticator.php methods. Unless it is done in configs, like multiple Authenticators. And some of this is controlled by configurations.

This authenticator is listed in the app/config/packages/security.yaml file under firewalls:main:guard:athenticators as

- App\Security\LoginFormAuthenticator

symfony firewall authenticator section

Every time a request is made the firewall will use the authenticator listed to try to authenticate the user. If authentication fails Symfony secretly behind the scenes tries other ways to authenticate the user as you can see in the image below. I haven’t found the info about this yet.

symfony guards
Secret guards attack

As you can see in the image above Symfony will try your guard you listed in the configuration file, but it also tries it’s own secret list of default authenticators. And seeing the above in my logs kept making me say WTF is this BS and why is it happening.

secret agent meme
shh it’s a secret

That has been my biggest complaint about Symfony, the docs and info are scattered all over, especially about Authentication.


I’ve literally had to hunt and peck and google and dig to find this info and figure out how the hell the system works. I hope this saves someone time.

For information about the login form see this article in the docs.

Here is a SymfonyCast with some good info, a bit has changed from version 4 to 5.3(current)

This is a new SymfonyCast for version 5 not even done yet. It has more info on WTF is going on.

Here is a  link in the symfony docs about authentication. I only find it minimally useful after creating my login system with makers. I’d like to see more about what happens each time a page is accessed etc. like what process is the system following?

Here is a link to symfony docs on how to create your own authenticator.

The best link I have found yet this info should be in the docs

Here is a really helpful article I finally found. It contains info that should be in the docs, like how the system works if you create it with makers, like probably 98% of the people out there. And basically how the system functions.

Resources Web Development

Symfony Session resources list

Plain session docs – This is the symfony documentation page about Sessions alone. This link shows the basic configuration and use of Sessions in Symfony. This also mentions not starting a session for Anonymous users and has links to other info about sessions.

Configuring Sessions and Save handlers – Symfony documentation link. This covers more about how to configure sessions and their Save Handlers. This is some of the better information about Sessions and how they work in Symfony. It covers the save handlers and more of the configuration information.

Session proxy examples – Symfony Documentation link. This covers how to create your own session handler. It also discusses how to encrypt session data with an example.

Framework configuration – Symfony documentation link. This covers many of the options for the security component of Symfony.

Store sessions in a database – Symfony documentation link that describes how to store session data in a database or Redis.

Session Management – Symfony documentation link. Explains how sessions are managed in symfony. Gives a good overview and important information about how symfony functions. It covers the functions symfony uses to replace PHP session functions and how to use them. This also covers the ways to work with sessions in Symfony. Oddly this covers Flash messages too.


Resources Web Development

Symfony errors and exception handling resources

How to customize error pages – Documentation page about how to create custom error pages.
How to Customize Access Denied Responses – specifically about how to customize access denied responses. This is useful for when you use voters to authorize a users access to content.

Resources Software Development

Ethereum Solidity programming links and resources.

Links and resources about Ethereum Solidity programming language.



Links and resources about Symfony firewall and authentication system

One thing you will want to do is view your current security settings to do so you use this command.
php bin/console debug:config security

Old symfony cookbook security entry – This is an ancient link to nearly the very beginning of symfony. This explains the mechanics of the Symfony security system if you are like me and just want to know how the hell this functions so you can feel confident in the system and be able to diagnose and fix issues.

More on Security – this is another ancient link like above, it explains the system.

Symfony cast covering
firewall and authentication and how it works. This has lots of info that should be directly in the documentation.

Security configuration reference -> not complete listing of some of the values you can set. If you run the debug:config command above you will see more values you can set, but good luck figuring out what they do.

How to restrict firewalls to a request -> symfony docs. This talks about using multiple firewalls and how the Symfony firewall system works like a waterfall trying one firewall after another until it finds one that works or uses the last  firewall listed. This also explains some of the options to the firewall. This basically shows how to use multiple firewalls.

Symfony cast about security – this covers the entire system. Some things have changed in version 5 but this is mostly correct and serves as a starting point.

Security user providers – Part of the Firewall/Authentication/Authorization system is something called security providers. User providers check the users identity from a session cookie to verify the user. This part of the documentation talks about how the firewall uses the User providers to authenticate the user after they have logged in.

Custom Authentication System with Guard (API Token Example) – talks about how to create a custom API token

Built-in Authentication Providers – documentation about the built in service providers.

Symfony Cast about gaurds – this is ancient from version 3, but it is helpful because it covers how the system is supposed to work or was supposed to.

The firewall and authorization – this covers how authorization works in the firewall system. It has a section at the bottom that explains how the firewall/authentication/authorization flow works.

Using the form_login Authentication Provider  – This explains how to create a login form and how the system processes it and authenticates the user.


A good video explaining how multiple authenticators work


Links and resources about Symfony Doctrine fixtures

Symfony cast page about fixtures.