I have been hit with a very strange situation during these last 2 days. I have a custom security listener and provider that sends some emails to the user and the user's "godfather" when registering. Immediately after registering, the user is redirected to his personal area. The problem arises when from time to time, the user is logged out when redirected.

Digging into the code, I can clearly see that the session is totally empty after the redirect, so no information about the user token is present. However, when I reload the page the session is perfectly filled and the user becomes logged in again. So I assumed that the session was still not written to disk (using native php file handler) when the user was redirected!

So here is what I found out. When sending emails with the default SF mailer (Swift) some bg processing must be kept somewhere. I am using nginx + php-fpm so the fastcgi_finish_request function is called and the page is immediately flushed. But as there must be some kind of bg processing, the session is still not written to disk when the next request coming from the redirect hits the server and the session is empty.

Comenting fastcgi_finish_request function call or not sending the emails seems to fix the problem so it has to be some problematic combination of those 2 things...but who knows!

Any ideas?