symfony Delete remember me cookie when logging out

There is a delete_cookies in the security configuration file: http://symfony.com/doc/current/reference/configuration/security.html

I have remember_me enabled. Everything works fine except when a user goes to the 'logout' link (directly from the URL bar), I want Symfony to delete the REMEMBERME cookie. How can I achieve that? Am I missing something?

When I go to the URL /app/logout, I can see in the Chrome dev tools that I still have the REMEMBERME cookie.

This is my security.yml file:

firewalls:     
    app_secured:
        anonymous: ~
        switch_user: true
        pattern: ^(/$|/login$|/app/)
        form_login:
            login_path: login
            check_path: login_check
            csrf_provider: form.csrf_provider
            default_target_path: index
            always_use_default_target_path: true
        remember_me:
            key: "%secret%"
            lifetime: 2592000
            path: ~
            domain: ~
        logout:
            invalidate_session: true
            delete_cookies:
                REMEMBERME: { path: null, domain: null}
            path: logout
            target: login
access_control:
    - { path: ^/app/_sys/, roles: ROLE_NO_ACCESS }
    - { path: ^/app/, roles: ROLE_USER }
    - { path: ^/app/admin/, roles: ROLE_ADMIN }

Routing.yml

login:
    path:      /
    defaults:  { _controller: AppWebBundle:Login:login }
login_check:
    path: /login_check
logout:
    path: /app/logout

LoginController.php

/**
 * Login controller.
 * @Route("/")
 */
class LoginController extends Controller
{
    /**
     * Login page
     * @Route("/login", name="login2")
     */
    public function loginAction(Request $request){
        /** Reduced for simplicity, same code as: 
            http://symfony.com/doc/current/book/security.html#using-a-traditional-login-form **/
        return $this->render('AppWebBundle:Default:login.html.twig', ['last_username' => $lastUsername,'error'=> $error,]);
    }
}
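
You could delete the cookie with this in a controller:

use Symfony\Component\HttpFoundation\Response;

// Send a response whose Set-Cookie header expires the REMEMBERME cookie
$response = new Response();
$response->headers->clearCookie('REMEMBERME');
$response->send();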

I found out that it doesn't work if you put the logout URL directly into the URL bar. The user has to click logout for it to work.

Creating a link <a href="{{url('logout')}}">Logout</a> and clicking it worked.

Removing the REMEMBERME token on the server side after logout should be automatic, but it's not. To do so, you'll have to change the way you store your token.

Since Symfony 2.8, the easy way is to use Doctrine to store tokens in the database:

# config/packages/security.yaml
security:
    # ...

    firewalls:
        main:
            # ...
            remember_me:
                secret: '%kernel.secret%'
                # ...
                token_provider:
                    doctrine: true

Doing this will not only store the token in the database, it will also invalidate it on the logout event.

You can learn more in the documentation: https://symfony.com/doc/6.1/security/remember_me.html
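
A check for what the question observes in the dev tools, as an added example that is not part of the original question or answers: a browser only drops a stored cookie when the logout response carries an expired Set-Cookie with the same name, path and domain. The header values are constructed samples, and the function names and the strict domain comparison are assumptions of this example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie values for a response to GET /app/logout (not captured output).
CLEARED = ["REMEMBERME=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly"]
WRONG_PATH = ["REMEMBERME=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/app; httponly"]
NOT_CLEARED = ["PHPSESSID=abc123; path=/; httponly"]

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie value; attribute names are lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def default_path(request_path):
    """Path a browser assigns when Set-Cookie has no Path attribute (RFC 6265, 5.1.4)."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]

def is_expired(attrs):
    """A deletion is a Set-Cookie with Max-Age <= 0 or an Expires date in the past."""
    try:
        return int(attrs["max-age"]) <= 0
    except (KeyError, ValueError):
        pass  # no usable Max-Age, fall back to Expires
    try:
        when = parsedate_to_datetime(attrs.get("expires", ""))
    except (TypeError, ValueError):
        return False  # no usable expiry: the cookie is being set, not deleted
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= datetime.now(timezone.utc)

def norm_domain(value):
    return value.lstrip(".").lower() if value else None  # None means host-only

def logout_clears(headers, name, stored_path="/", stored_domain=None, request_path="/app/logout"):
    """True if a header expires `name` under the same path and domain the browser stored."""
    for header in headers:
        cookie, attrs = parse_set_cookie(header)
        path = attrs.get("path") or default_path(request_path)
        if (cookie == name and is_expired(attrs) and path == stored_path
                and norm_domain(attrs.get("domain")) == norm_domain(stored_domain)):
            return True
    return False
```

Even when this check passes, a copy of the cookie value taken before logout stays valid unless the token is also invalidated on the server, which is what the Doctrine token provider above does.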
