[英]Symfony2 Multiple Firewalls: Logs out from other firewall
I have 2 firewalls (one for the admin panel and one for the registered users ) and 2 in-memory providers (one for the admin and one for the registered users ) for my Symfony2 application -- too dynamic huh? 我的Symfony2应用程序有2个防火墙 (一个用于管理面板 ,一个用于注册用户 )和2个内存提供程序 (一个用于管理员 ,一个用于注册用户 )-太动态了吧?
Now, I tried to access a route for registered users , Boom! 现在,我尝试访问注册用户 Boom的路由。 I am presented with a BasicAuth dialog as expected.
出现预期的基本身份验证对话框。
Next, when I tried to access a route for admin , I am again presented with another BasicAuth dialog -- as expected too. 接下来,当我尝试访问admin的路由时,再次出现另一个BasicAuth对话框-也是预期的。
However, when I navigate back to any registered users ' route, I am again presented with the BasicAuth dialog to which I conclude that everytime I am asked for my credentials with the authentication dialog of the firewall that matches the route I am navigating, I was automatically logged out from the other firewall. 但是,当我导航回任何注册用户的路由时,再次出现BasicAuth对话框,我得出的结论是,每次我使用与我导航的路由相匹配的防火墙的身份验证对话框询问我的凭据时,自动从其他防火墙注销。
Here is my security.yml
file. 这是我的
security.yml
文件。
security:
role_hierarchy:
ROLE_ADMIN: ROLE_USER
providers:
walang_forever:
memory:
users:
user:
password: test
roles: 'ROLE_USER'
nailad_forever:
memory:
users:
admin:
password: test
roles: 'ROLE_ADMIN'
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin_gugma:
pattern: ^/admin
http_basic:
provider: nailad_forever
main_gugma:
pattern: ^/user
http_basic:
provider: walang_forever
encoders:
Symfony\Component\Security\Core\User\User: plaintext
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/user, roles: ROLE_USER }
All I want is just to login once per firewall. 我想要的只是每个防火墙登录一次。
Any similar experiences? 有类似的经历吗? Or proposed solution?
还是提出解决方案?
Use the invalidate_session: false on both logout firewall settings: 在两个注销防火墙设置上都使用invalidate_session:false:
logout:
path: mylogoutpath
target: MyBundle_homepage
invalidate_session: false
The invalidate_session: false does the trick. invalidate_session:false可以解决问题。 See: https://extractcode.com
请参阅: https : //extractcode.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.