I installed Thelia manually (via compressed archive) and set up my local server in a Vagrant box. Now when I go to login as the admin user I created during installation, I get:
| Please check your input: Missing or invalid data: The CSRF token is invalid. Please try to resubmit the form.
I traced the issue to the Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage class: $storage->hasToken() was returning false. I then discovered that no $_SESSION variables I was setting manually were persisting at all. For example, I inserted each of the following lines in the code before two consecutive form posts, respectively:
Also, if I add `die($data['$this->fieldName']);` inside CsrfValidationListener right before the Exception producing the error message is thrown, I get what sure as heck looks like a security token printed to the screen. So the token is definitely getting created; it's just not getting making it into the session.
I know sessions are working properly for other sites I'm running inside this same Vagrant box. So what I'm wondering is if Thelia is configuring a session handler behind the scenes that is trying to write to a file it doesn't have write permissions on, or something along those lines? To that end, I tried doing `chmod 777 project/path/local/session` but that didn't appear to have any effect.
Does Thelia use file-based session handling by default? If so, where does it keep them, if not in local/session/? If not, what do I need to do to get sessions working?