使用GET/POST令牌登录到应用程序 [英] Login to application with GET/POST token

问题描述

我正在使用具有标准登录表单的Symfony Web应用程序.为了让用户更轻松地登录，我们希望为他们提供一个直接登录的链接.我已经建立了一种使用令牌的方法，但是对于Symfony登录过程的工作方式，尤其是如何使它适应GET/POST令牌而不是重定向到登录页面，我一无所知. 任何帮助表示赞赏！

I work on a Symfony web application which has a standard login form. To allow users to login more easily we want to give them a link which logs them in directly. I've already build a way to get a token to use, but I have no clue as to how the Symfony login process works, specifically how I can adapt it to take a GET/POST token instead of redirecting to the login page. Any help appreciated!

哦，这是Symfony 1.2 BTW(不，现在不可以升级)

Oh and this is Symfony 1.2 BTW (and no, upgrading is not an option right now)

推荐答案

感谢汤姆，我最终要做的是构建第二个登录模块/动作(我已经有了executeLogin动作，该动作基本上设置了$ this-> getUser( )和$ this-> getUser()-> setAuthenticated(true)(如果用户名/密码正确)，则使用令牌代替用户名/密码. 安全方面需要考虑的一些事情:在成功登录尝试中使用令牌时清除令牌，或者在创建令牌时设置过期时间戳记.这样，机器人就无法猜测"令牌.

Thanks Tom, what I ended up doing was building a second login module/action (I already had a executeLogin action which basically sets the $this->getUser() and $this->getUser()->setAuthenticated(true) when the username/password is correct) with a token instead of username/password. Some things to take into account on security: either clear up your token when used in a successful login attempt or set something of an expiration timestamp when creating the token. This way a bot can't 'guess' a token.

这篇关于使用GET/POST令牌登录到应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！