当“记住我"时,在 Symfony 2 应用程序中注销用户已启用 [英] Log user out in Symfony 2 application when "remember me" is enabled
问题描述
我正在寻找一种方法来让用户退出 Symfony 2 应用程序,但找不到正确的方法.
I'm looking for a way to log user out of Symfony 2 application, but could not find a way to do it properly.
我尝试了此处描述的方法:Symfony2:如何在控制器中手动注销用户?
I've tried an approach described here: Symfony2: how to log user out manually in controller?
$this->get('security.context')->setToken(null);
$this->get('request')->getSession()->invalidate();
当记住我"被禁用时它工作正常,但是,当我启用它时,它不起作用.看起来这个 cookie 会自动重新验证用户身份.
It's working fine when "remember me" is disabled, however, when I enable it, it's not working. It looks like user is automatically re-authenticated back again by this cookie.
remember_me:
key: "%secret%"
lifetime: 31536000
path: /
domain: ~
always_remember_me: true
从 Symfony 2 应用程序中注销用户的正确方法是什么?我需要从服务器端额外删除这个 cookie 吗?
What is the proper way to log user out of Symfony 2 application? Do I need to additionally delete this cookie from server-side?
推荐答案
您可能需要调用会话存储的 save()
(文档) 方法.
You may have to call the session-storage's save()
(Documentation) method explicitly.
强制保存和关闭会话.
您还可以通过响应标头请求删除 session- 和/或 remember_me- cookie.
Further you can request to delete the session- and/or remember_me-cookies via response headers.
session-cookie 的名称被配置为容器参数 framework.session.name
并且默认为来自的 session.name
值您的 php.ini.
The session-cookie's name is configured as the container-parameter framework.session.name
and defaults to the session.name
value from your php.ini.
$cookieName = $this->container->getParameter('framework.session.name');
$response->headers->clearCookie( $cookieName );
remember_me-cookie 的名称可以在您的 security
配置中进行配置.
The remember_me-cookie's name can be configured in your security
configuration.
security:
firewalls:
your_firewall:
remember_me:
name: neverforget # <- cookie-name
这篇关于当“记住我"时,在 Symfony 2 应用程序中注销用户已启用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!