From 23c6a6fc1da705ec79c0a51f6c778b843f3dd335 Mon Sep 17 00:00:00 2001
From: Serreau Jovann <jovann@siteconseil.fr>
Date: Thu, 26 Mar 2026 09:24:18 +0100
Subject: [PATCH] fix: remplacer session save par session start avant le
 redirect OAuth
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Le save() fermait la session prématurément. Le start() garantit que
la session est initialisée avant que le state OAuth y soit stocké.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/Controller/EtlController.php  | 4 ++--
 src/Controller/HomeController.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Controller/EtlController.php b/src/Controller/EtlController.php
index ba5290f..17d1e22 100644
--- a/src/Controller/EtlController.php
+++ b/src/Controller/EtlController.php
@@ -1079,14 +1079,14 @@ class EtlController extends AbstractController
     #[Route('/etl/connect/keycloak', name: 'connect_keycloak_etl_start')]
     public function connectKeycloakEtlStart(ClientRegistry $clientRegistry, Request $request): Response
     {
+        $request->getSession()->start();
+
         $response = $clientRegistry
             ->getClient('keycloak_etl')
             ->redirect(['openid', 'profile', 'email']);
         $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate');
         $response->headers->set('Pragma', 'no-cache');
 
-        $request->getSession()->save();
-
         return $response;
     }
 
diff --git a/src/Controller/HomeController.php b/src/Controller/HomeController.php
index 805014f..b4a026d 100644
--- a/src/Controller/HomeController.php
+++ b/src/Controller/HomeController.php
@@ -28,14 +28,14 @@ class HomeController extends AbstractController
     #[Route('/intranet/connect/keycloak', name: 'connect_keycloak_start')]
     public function connect(ClientRegistry $clientRegistry, Request $request): Response
     {
+        $request->getSession()->start();
+
         $response = $clientRegistry
             ->getClient('keycloak')
             ->redirect(['email', 'profile', 'openid'], []);
         $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate');
         $response->headers->set('Pragma', 'no-cache');
 
-        $request->getSession()->save();
-
         return $response;
     }