如何在Symfony中强制注销用户? [英] How can one force logout a user in Symfony?
问题描述
我有一个User实体,该实体具有一个布尔列isActivated.根据每个用户的列的值,他是否可以登录(即,他尚未激活其帐户,因此无法登录).我通过在防火墙中分配一个simple_form.authenticator来实现这一点,它会在每次登录时进行检查.
I have a User entity, which has a boolean column isActivated. Depending on the value of the column for each user, he may or may not be able to login (i.e. he hasn't activated his account so no login). I've achieved that by assigning an simple_form.authenticator in the firewall which check upon every login.
我正在尝试找出在用户仍然登录时如何强制注销用户.
请考虑以下情形:
I'm trying to figure out how force logout a user while he's still loged in.
Consider the following scenario:
- 用户在其帐户仍处于活动状态时登录.
- 管理员停用用户帐户.
- 由于该用户不再处于活动状态,因此已注销.
不幸的是,第3步没有发生.原因可能在于用户已经接收到令牌,并且已被Symfony 2.5的防火墙视为受了折磨"(可能令牌已缓存在安全上下文中了?).
Unfortunately step #3 doesn't happen. The reason may lay in the fact that the user has already received the token and is considered to be "tursted" by the Symfony 2.5's firewall (probably the token is cached in the security context?).
我想知道解决这个问题的最佳方法是什么?我应该编写内核事件侦听器还是自定义用户提供程序?
I'm wondering what would be the best way to overcome this issue? Should I write a kernel event listener or perhaps a Custom User Provider?
推荐答案
您可以使用以下两行终止用户的会话(如果可以访问容器,否则必须注入security.context和session):
You can terminate the user's session with the following two lines (if you have access to the container, otherwise you must inject security.context and session):
$container->get('security.context')->setToken(null);
$container->get('session')->invalidate();
此后,应注销用户.
如果您之前已加载用户实体,则可能也要取消设置.
If you have loaded the user entity before, you may want to unset that, too.
这篇关于如何在Symfony中强制注销用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
