Reliably redirect to last accessed page in symfony2


Problem description

I'm embedding the FosUserBundle login inside my home page. I have overridden the security controller of fos and changed the renderLogin() action. I had to put an if condition to redirect to the last accessed page using referers; that was all well and good, but I realize now that the HTTP Referer header is not required by the HTTP protocol and it can be completely skipped or even spoofed by browser settings etc. It's unreliable!

But if the symfony framework can guarantee that $request->server->get('HTTP_REFERER') or $request->headers->get('referer') will be set, I can use these without hassle.

My questions

  • Is the referer from the symfony request object 100% reliable?
  • What is the difference between $request->server->get('HTTP_REFERER') and $request->headers->get('referer')?
  • If it is not reliable, what are the alternatives?

(P.S)

in symfony docs

if the user requested http://www.example.com/admin/post/18/edit, then after they successfully log in, they will eventually be sent back to http://www.example.com/admin/post/18/edit. This is done by storing the requested URL in the session.

But they haven't explained the inner workings of it. If referers are finally proved to be unreliable then my alternatives are as below; any suggestions are welcome.

1). registering a listener and adding an attribute last_path

2). storing a session variable last_path

Recommended answer

in security.yml

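    # firewall entry (lives under security -> firewalls)
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            login_path: /login
            success_handler: authentication_handler
            failure_handler: authentication_handler
        remember_me:
            key:      secret   # placeholder, use your own long random value
            lifetime: 604800
            path:     /
            domain:   yourdomain.com
        anonymous: true
        # a single logout key: the original listed "logout" twice, which is a duplicate YAML key
        logout:
            path: /logout
            target: /
            # LogoutSuccessHandlerInterface services are wired with success_handler
            success_handler: authentication_handler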

in the config.yml

services:
     authentication_handler:
       class: YourBundle\UserBundle\Security\AuthenticationHandler

the AuthenticationHandler class

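    <?php

    namespace YourBundle\UserBundle\Security;

    use Symfony\Component\HttpFoundation\RedirectResponse;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Security\Core\Exception\AuthenticationException;
    use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
    use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
    use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

    class AuthenticationHandler implements
        AuthenticationFailureHandlerInterface,
        AuthenticationSuccessHandlerInterface,
        LogoutSuccessHandlerInterface
    {
        public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
        {
            // Referer is optional: fall back to '/' so RedirectResponse never gets an empty URL
            $referer = $request->headers->get('referer', '/');
            // Expose the error message to the page that renders the embedded login form
            $request->getSession()->setFlash('LoginError', $exception->getMessage());

            return new RedirectResponse($referer);
        }

        public function onAuthenticationSuccess(Request $request, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token)
        {
            $referer = $request->headers->get('referer', '/');
            $request->getSession()->setFlash('LoginError', "success");

            return new RedirectResponse($referer);
        }

        public function onLogoutSuccess(Request $request)
        {
            $referer = $request->headers->get('referer', '/');

            return new RedirectResponse($referer);
        }
    }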
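
An added example, not part of the original answer or of Symfony itself: one way to check a Referer header or a session-stored last_path before handing it to RedirectResponse, so that a missing or off-site value falls back to a fixed path. The function name safeRedirectTarget, the host other.test and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not the answer's code. Function name, hosts and sample
// values are constructed for illustration.

/**
 * Return $candidate only if it points back at our own site; otherwise $fallback.
 * $candidate may be a Referer header or a last_path value kept in the session.
 */
function safeRedirectTarget($candidate, $trustedHost, $fallback = '/')
{
    // No Referer sent (the header is optional) or an empty value.
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // Control characters, spaces and backslashes have no place in a redirect
    // URL; some browsers treat "\" like "/", so "/\host" must not pass.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    // Local path: exactly one leading slash ("//host" is protocol-relative).
    if ($candidate[0] === '/') {
        return (strlen($candidate) > 1 && $candidate[1] === '/') ? $fallback : $candidate;
    }
    // Absolute URL: scheme must be http(s) and the host must be ours.
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    if (isset($parts['user']) || strtolower($parts['host']) !== strtolower($trustedHost)) {
        return $fallback;
    }
    return $candidate;
}

// Constructed samples: values as they might arrive in the Referer header.
$samples = array(
    'http://www.example.com/admin/post/18/edit', // same site: kept
    '/admin/post/18/edit',                        // local path: kept
    null,                                         // no Referer sent: fallback
    'http://other.test/login-form',               // foreign origin: fallback
    '//other.test/',                              // protocol-relative: fallback
    'http://www.example.com@other.test/',         // userinfo trick: fallback
);
foreach ($samples as $s) {
    printf("%-45s => %s\n", var_export($s, true), safeRedirectTarget($s, 'www.example.com'));
}
```

In a handler like the one above, the result of this check would be what gets passed to RedirectResponse, with $trustedHost taken from configuration rather than from the request.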
