Logout does not destroy/clear session properly in FOSUserBundle


Problem description

I'm having some problems and don't know why: when I log out from my application, which is handled by FOSUserBundle, the current session is never destroyed or even cleared, which causes issues when I log back in because I store some data in the session. This is what my security.yml looks like:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path:  /login
                check_path:  /login_check
                default_target_path: home
                always_use_default_target_path: true
            logout:
                 path: fos_user_security_logout
                 target: /
                 invalidate_session: false
            anonymous: ~

    access_control:
        ...    

And this is how the session keys are configured at config.yml:

session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
    cookie_lifetime: 86400
    gc_maxlifetime: 600 # session will expire after 10 minutes of inactivity
    gc_probability: 1
    gc_divisor: 1

Am I missing something else here?

As a second part of this question, I have a big doubt, since this is something new to me and it's related to how garbage collection works in Symfony2. I was reading the docs about it but it is not clear to me, and I also don't know if this is the cause, because the session isn't destroyed properly when I log out from the application. Any explanation around this? If I'm not mistaken, my application will log users out automatically when 10 minutes pass without doing anything, meaning inactivity. Am I right? But how does the GC part work, or what does it do in this config? I took that configuration from this topic but don't understand it yet.

As an additional note, I'm working with Firefox|Chrome, both in private windows, so no cache from the browser should exist.

Solution

The invalidate_session option in the security.yml file is set to true by default; in your config it's false. Try changing it to true.

For clarification, here is the code from SecurityExtension.php:

if (true === $firewall['logout']['invalidate_session'] && false === $firewall['stateless']) {
    $listener->addMethodCall('addHandler', array(new Reference('security.logout.handler.session')));
}

and 'security.logout.handler.session':

public function logout(Request $request, Response $response, TokenInterface $token)
{
    $request->getSession()->invalidate();
}

....
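
The effect of the invalidate_session flag discussed in this answer, as an added example that is not part of the original answer or of Symfony's own code. It assumes symfony/http-foundation is installed through Composer; simulateLogout(), leftoverAfterLogout() and the 'draft_order' key are hypothetical names, and the stored value is constructed sample data.

```php
<?php
// Added example. Assumes symfony/http-foundation is available via Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;

/**
 * Hypothetical stand-in for the firewall's logout step: the session logout
 * handler quoted above is only registered when invalidate_session is true.
 */
function simulateLogout(Session $session, $invalidateSession)
{
    if ($invalidateSession) {
        // Same call the handler makes: clears the stored attributes and
        // replaces the session ID.
        $session->invalidate();
    }
}

/**
 * Stores data as a logged-in user, logs out, then reports what is still
 * attached to the session that the next login would reuse.
 */
function leftoverAfterLogout($invalidateSession)
{
    // In-memory storage so the script runs from the CLI without cookies.
    $session = new Session(new MockArraySessionStorage());
    $session->start();
    $session->set('draft_order', 'alice: 3 items'); // constructed sample data
    $idBefore = $session->getId();

    simulateLogout($session, $invalidateSession);

    return array(
        'same_session_id' => $session->getId() === $idBefore,
        'draft_order'     => $session->get('draft_order'),
    );
}

var_dump(leftoverAfterLogout(false)); // the setting from the question
var_dump(leftoverAfterLogout(true));  // the default the answer recommends
```

With false, the session ID and the stored value both survive the logout, so the next person to log in from that browser inherits them; with true, the ID is replaced and the value is gone.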
