
Remove authenticated user from context Symfony

I would like to know how to remove a user that has just been authenticated, so that it would be as if no user had been authenticated.

Should I delete the content of the session, or is there a proper way?

You can try this:

$this->get('security.token_storage')->setToken(null);
$this->get('request')->getSession()->invalidate();

Basically, if the password is older than 3 months, you need to force the user to the change-password page. He shouldn't be able to do anything else but change the password, as long as he hasn't changed it.

You must not break the authentication, because the user could never change the password if he isn't authenticated.

After the user changes his password you could log him out and redirect him back to the home or login page.

To log a user out of your system you need to invalidate his token and session. You'll find more information on manually logging out a user in this question.

// manual logout 
$this->get('security.token_storage')->setToken(null);
$this->get('request')->getSession()->invalidate();

So this code would be placed in the $form->isValid() part of the password change form.
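
The restriction described in the answer above (an authenticated user with an expired password can reach only the change-password page) can be enforced with a kernel.request listener. This is an added example, not code from the original answers; it targets the Symfony 2.6-2.8 API used on this page, and the AppBundle namespace, the change_password route and User::getPasswordChangedAt() are assumptions.

```php
<?php
// Added example. Hypothetical names: AppBundle, the "change_password" route,
// and User::getPasswordChangedAt() returning \DateTime or null.
namespace AppBundle\EventListener;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class PasswordExpiryListener
{
    private $tokenStorage;
    private $urlGenerator;

    public function __construct(TokenStorageInterface $tokenStorage, UrlGeneratorInterface $urlGenerator)
    {
        $this->tokenStorage = $tokenStorage;
        $this->urlGenerator = $urlGenerator;
    }

    // Register on kernel.request with the default priority 0, so it runs after
    // the router (32) and the firewall (8): _route and the token are both set.
    public function onKernelRequest(GetResponseEvent $event)
    {
        if (!$event->isMasterRequest()) {
            return; // sub-requests inherit the decision made for the main request
        }
        if ($event->getRequest()->attributes->get('_route') === 'change_password') {
            return; // the one page the user may still reach; also avoids a redirect loop
        }
        $token = $this->tokenStorage->getToken();
        $user = $token ? $token->getUser() : null;
        if (!is_object($user) || !method_exists($user, 'getPasswordChangedAt')) {
            return; // no token, anonymous ("anon." string) or a user type without the field
        }
        // Assumption: a missing timestamp is treated as expired (fail closed).
        $changedAt = $user->getPasswordChangedAt();
        if ($changedAt === null || $changedAt < new \DateTime('-3 months')) {
            $url = $this->urlGenerator->generate('change_password');
            $event->setResponse(new RedirectResponse($url));
        }
    }
}
```

The user stays authenticated throughout, so the password form still works; the manual logout shown above then runs once the form is valid.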
