
Symfony 2 Logout

Tags:

php

symfony

This is my first Symfony 2 application and I am trying to log out the currently logged-in user.

This is my app/config/security.yml

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    user0:  { password: user0, roles: [ 'ROLE_ADMIN' ] }
                    user1:  { password: user1, roles: [ 'ROLE_SUPER_ADMIN' ] }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/demo/secured/login$
            security: false

        secured_area:
            pattern: ^/
            logout: ~
            anonymous: ~
            http_basic:
                realm: "Secured Area"

    access_control:
        - { path: ^/question/*, roles: ROLE_ADMIN }
        - { path: ^/questiongroup/*, roles: ROLE_ADMIN }
        - { path: ^/answer/*, roles: ROLE_ADMIN }
        - { path: ^/newslettertemplate/*, roles: ROLE_ADMIN }
        - { path: ^/customer/*, roles: ROLE_SUPER_ADMIN }
        - { path: ^/statistics/*, roles: ROLE_SUPER_ADMIN }

I have created the logout entry in the routing.yml as described in the Symfony security documentation:

logout:
    path:   /logout

When I create a link to "logout", I do get redirected to "/", which is OK. But the user is still authenticated, meaning the actual logout did not work.

CBergau asked Sep 13 '13 17:09



1 Answer

It doesn't work with HTTP Basic Authentication because the browser remembers your credentials and sends them with each request. You can do nothing about this on the server side.

I believe eventually you're going to switch to the form based login. The logout feature will work like it's supposed to when you do.

Elnur Abdurrakhimov answered Oct 06 '22 13:10
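
The switch to form-based login that the answer recommends could look like this in Symfony 2 configuration. This is an added example, not part of the original question or answer; the route names `login` and `login_check` and the controller `AcmeSecurityBundle:Security:login` are assumptions, and only the firewall that changes is shown.

```yaml
# Added example, not from the original post.
# Route names and the controller reference below are assumptions.

# app/config/security.yml (only the firewall that changes)
security:
    firewalls:
        secured_area:
            pattern:   ^/
            anonymous: ~
            # Before: the browser caches the Basic credentials and resends
            # them on every request, so the logout listener cannot end the login.
            # http_basic:
            #     realm: "Secured Area"
            # After: the login is tied to a server-side session that the
            # logout listener can invalidate.
            form_login:
                login_path: login          # route that renders the form (assumed name)
                check_path: login_check    # route the form posts to (assumed name)
            logout:
                path:               /logout   # matches the existing routing.yml entry
                target:             /         # where to redirect after logout
                invalidate_session: true      # drop the session that holds the token
---
# app/config/routing.yml
login:
    path:     /login
    defaults: { _controller: AcmeSecurityBundle:Security:login }   # hypothetical controller
login_check:
    path:     /login_check    # intercepted by the firewall, needs no controller
logout:
    path:     /logout         # intercepted by the firewall, needs no controller
```

To verify the change, log in through the form, request `/logout`, then request a path covered by `access_control`: the firewall should now send you back to the login form instead of serving the page.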