
How to make SF2/FOSUserBundle ask user for password again upon specific actions?

I have this secured admin area under /admin/. Users need to be logged in via HTTP basic auth (http_basic set to true in security.yml).

My goal is, for a specific action in a specific controller, to re-ask the user for his username/password. I thought this would be simple, but as per my research, it appears it is not.

I have tried to unset both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] but it seems to have no effect. I also tried to change the header to set a 401 status code, but this has no effect either.

How can this be achieved?

First of all, HTTP Basic Authentication has NOT been designed to support logging out.

That means you cannot guarantee it on every browser, neither with the 401 trick nor with the redirection to user@mysite.com to invalidate the credentials.

See this answer.

So it is a bad habit to use it when you need to log out your user.


You should use the custom authentication provided by FOSUserBundle if you want to re-ask for the user's credentials. And it's pretty simple & secure.
