Symfony2 Guard 不保存会话

Question

Symfony 3.0.2

我的配置（其他一切都接近默认）：

session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
    save_path:   "%kernel.root_dir%/../var/sessions/%kernel.environment%"
    cookie_httponly: false

安全：

security:
    encoders:
        XXX\UserBundle\Entity\User:
            algorithm: bcrypt
            cost: 12

    role_hierarchy:
        ROLE_USER:          ROLE_USER
        ROLE_MODERATOR:     ROLE_USER
        ROLE_ADMIN:         ROLE_MODERATOR
        ROLE_SUPER_ADMIN:   ROLE_ADMIN

    providers:
        xx_userbundle:
            id: xx.user_provider

    firewalls:
        public:
            pattern: ^/report/(footer|report)
            security: false

        main:
            pattern: ^/
            anonymous: ~

            guard:
                provider: xx_userbundle
                authenticators:
                    - xx.user_authenticator

            logout:
                path: /auth/logout

            remember_me:
                name: vsess
                secret: "%secret%"
                lifetime: 604800 # 1 week in seconds
                path: /
                remember_me_parameter: remember_me

    access_control:
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/auth, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_MODERATOR }
        - { path: ^/, role: ROLE_USER }

我正在使用保护功能来允许使用来自 angular 的 json 内容进行身份验证。 UserAuthenticator类几乎是默认的，唯一的例外onAuthenticationSuccess是这样的：

public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
    $targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');

    if (!$targetPath) {
        $targetPath = $this->getDefaultSuccessRedirectUrl();
    }
    $jsonRequest = $request->getContentType() == 'json';

    if ($request->isXmlHttpRequest() || $jsonRequest) {
        $data = array(
            'success' => true,
            'redirect' => $targetPath
        );

        return new JsonResponse($data);
    } else {
        return new RedirectResponse($targetPath);
    }
}

一切正常，除了将会话保存到文件之外，会话目录为空。虽然当我检查Request会话 ID 时。当我在探查器中检查登录路由时，我看到：

security    Guard authenticator set success response.
Context: { "response": "Object(Symfony\\Component\\HttpFoundation\\JsonResponse)", "authenticator": "XXX\\UserBundle\\Security\\UserAuthenticator" }
security    Clearing remember-me cookie.
Context: { "name": "vsess" }
security    Did not send remember-me cookie.
Context: { "parameter": "remember_me" }
security    Remember-me was not requested.
security    The "XXX\UserBundle\Security\UserAuthenticator" authenticator set the response. Any later authenticator will not be called
security    Stored the security token in the session.
Context: { "key": "_security_main" }

但是，请求中的 set-cookie 是空的：

set-cookie  vsess=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly

有什么原因使它不起作用吗？我应该自己保存会话还是cookie？我敢打赌存在某种配置错误的问题。提前致谢。