如何销毁Symfony 2中的所有会话 [英] How to destroy all sessions in Symfony 2
问题描述
经过一些专家的详细调查和咨询,我想到了销毁会话的想法是不正确的.更好的问题是-«如何强制所有用户注销».
After detailed investigation and consultation with some experts, it occurred to me, that idea of destroying sessions is an incorrect one. The better question would be — «How to force all users to log out».
这个问题不应该从会话的角度解决,它是一个非常低级的机制,而应该从安全组件那里解决.即使您删除了所有会话数据,也将通过remember me
cookie在下一个用户请求时重新创建它们.
And this problem should be solved not from the session perspective, which is a pretty low-level mechanism, but from the Security Component one. Even if you delete all session data, it will be re-created by means of remember me
cookies with the next user requests.
稍后,我将尝试提供针对此问题的有效解决方案.
I will try to present the valid solution to this problem later on.
我需要实现所谓的锁定"应用程序功能,因此我需要一种方法将所有用户从Symfony 2应用程序中注销(关闭所有活动会话).
I need to implement a feature of so-called application «lockdown», so I need a way to log all users out of Symfony 2 application (close all active sessions).
实现此功能的最佳方法是什么?
What is the best way to achieve this functionality?
理想情况下,该解决方案应该与所有可能的保存完全兼容-处理程序.
Ideally, the solution should be fully compatible with all possible save-handlers.
SessionHandlerInterface
似乎没有提供这样做的方法.
It looks like SessionHandlerInterface
doesn't provide a method to do so.
推荐答案
一种编程方法应该是使用会话侦听器,如果存在特定事件(例如,数据库表中存在的标记/时间戳或某些特定事件),则使会话无效.相似.
A Programmatic approach should be to use a session listener and invalidate the session if a particular event exist, something like a flag/timestamp alive in a database table or some similar.
如本文所述
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
class SessionListener
{
/**
* @var \Acme\DemoBundle\Service\SessionInvalidator
*/
protected $sessionInvalidator;
function __construct($sessionInvalidator)
{
$this->sessionInvalidator=$sessionInvalidator;
}
public function onKernelRequest(GetResponseEvent $event)
{
if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
return;
}
$session = $event->getRequest()->getSession();
$metadataBag = $session->getMetadataBag();
$lastUsed = $metadataBag->getLastUsed();
if ($lastUsed === null) {
// the session was created just now
return;
}
// "last used" is a Unix timestamp
if (! $this->sessionInvalidator->checkTimestampIsValid($lastUsed))
$session->invalidate();
}
}
和配置:
<service id="amce_security.verify_session_listener"
class="Acme\DemoBundle\EventListener\SessionListener">
<argument type="service" id="acme.session_invalidator"/>
<tag name="kernel.event_listener"
event="kernel.request"
priority="100"
method="onKernelRequest" />
</service>
希望获得帮助
这篇关于如何销毁Symfony 2中的所有会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!