当“记住我"时，在 Symfony 2 应用程序中注销用户已启用 [英] Log user out in Symfony 2 application when "remember me" is enabled

问题描述

我正在寻找一种方法来让用户退出 Symfony 2 应用程序，但找不到正确的方法.

I'm looking for a way to log user out of Symfony 2 application, but could not find a way to do it properly.

我尝试了此处描述的方法:Symfony2:如何在控制器中手动注销用户?

I've tried an approach described here: Symfony2: how to log user out manually in controller?

$this->get('security.context')->setToken(null);
$this->get('request')->getSession()->invalidate();

当记住我"被禁用时它工作正常，但是，当我启用它时，它不起作用.看起来这个 cookie 会自动重新验证用户身份.

It's working fine when "remember me" is disabled, however, when I enable it, it's not working. It looks like user is automatically re-authenticated back again by this cookie.

remember_me:
    key:      "%secret%"
    lifetime: 31536000
    path:     /
    domain:   ~
    always_remember_me: true

从 Symfony 2 应用程序中注销用户的正确方法是什么?我需要从服务器端额外删除这个 cookie 吗?

What is the proper way to log user out of Symfony 2 application? Do I need to additionally delete this cookie from server-side?

推荐答案

您可能需要调用会话存储的 save() (文档) 方法.

You may have to call the session-storage's save() (Documentation) method explicitly.

强制保存和关闭会话.

您还可以通过响应标头请求删除 session- 和/或 remember_me- cookie.

Further you can request to delete the session- and/or remember_me-cookies via response headers.

session-cookie 的名称被配置为容器参数 framework.session.name 并且默认为来自的 session.name 值您的 php.ini.

The session-cookie's name is configured as the container-parameter framework.session.name and defaults to the session.name value from your php.ini.

$cookieName = $this->container->getParameter('framework.session.name');
$response->headers->clearCookie( $cookieName );

remember_me-cookie 的名称可以在您的 security 配置中进行配置.

The remember_me-cookie's name can be configured in your security configuration.

security:
    firewalls:
        your_firewall:
            remember_me: 
                name: neverforget # <- cookie-name

这篇关于当“记住我"时，在 Symfony 2 应用程序中注销用户已启用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！