Symfony 2 Logout

Question

this is my first Symfony 2 application and i am trying to logout the currently logged in user.

This is my app/config/security.yml

security:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

providers:
    in_memory:
        memory:
            users:
                user0:  { password: user0, roles: [ 'ROLE_ADMIN' ] }
                user1:  { password: user1, roles: [ 'ROLE_SUPER_ADMIN' ] }

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    login:
        pattern:  ^/demo/secured/login$
        security: false

    secured_area:
        pattern: ^/
        logout: ~
        anonymous: ~
        http_basic:
            realm: "Secured Area"

access_control:
    - { path: ^/question/*, roles: ROLE_ADMIN }
    - { path: ^/questiongroup/*, roles: ROLE_ADMIN }
    - { path: ^/answer/*, roles: ROLE_ADMIN }
    - { path: ^/newslettertemplate/*, roles: ROLE_ADMIN }
    - { path: ^/customer/*, roles: ROLE_SUPER_ADMIN }
    - { path: ^/statistics/*, roles: ROLE_SUPER_ADMIN }

I have created the logout entry in the routing.yml as described in the symfony security documentation:

logout:
    path:   /logout

When i create a link to the "logout" i do get redirected to the "/" which is ok. But the user still is authenticated, means the actual logout did not work.

Answer 1

It doesn't work with HTTP Basic Authentication because the browser remembers your credentials and sends them with each request. You can do nothing about this on the server side.

I believe eventually you're going to switch to the form based login. The logout feature will work like it's supposed to when you do.