Using Symfony 4 with a security.yaml like this:

    security:
        encoders:
            App\Entity\User: sha256
        providers:
            public_users:
                entity:
                    class: App\Entity\User
                    property: email
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: ^/
                anonymous: ~
                form_login:
                    login_path: login
                    remember_me: true
                remember_me:
                    secret: "%kernel.secret%"
                    name: relevea_remember_me
                    lifetime: 864000
                    always_remember_me: false
                    remember_me_parameter: user_login[stayConnected]
                logout:
                    path: logout
                    target: /about
                    invalidate_session: false
        access_control:
            - { path: ^/auth, roles: IS_AUTHENTICATED_ANONYMOUSLY }

The logout action does not clear the rememberMe token.

I can see that LogoutListener (https://github.com/symfony/security/blob/master/Http/Firewall/LogoutListener.php) is called after RememberMeListener (https://github.com/symfony/security/blob/master/Http/Firewall/RememberMeListener.php), so for LogoutListener the token is null and nothing is cleared :/

The list of listeners from TraceableFirewallListener:

    Symfony\Component\Security\Http\Firewall\ChannelListener
    Symfony\Component\Security\Http\Firewall\ContextListener
    Symfony\Component\Security\Http\Firewall\LogoutListener
    Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener
    Symfony\Component\Security\Http\Firewall\RememberMeListener
    Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener
    Symfony\Component\Security\Http\Firewall\AccessListener

Why does the logout listener come before the others?

2 Answers

It looks like this has been a known issue since 2013!
https://github.com/symfony/symfony/issues/7104
So basically, you can't log out from a RememberMe token :/
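
One workaround for the behaviour described in that issue, as an added example that is not part of the original question or answers: the firewall's logout success handler runs even when LogoutListener finds no token, so it can expire the remember-me cookie itself. Symfony 4.x is assumed, the class name and namespace are hypothetical, and the cookie name and redirect target are taken from the question's security.yaml.

```php
<?php
// Added example, not code from the question, the answers or Symfony itself.
// Assumptions: Symfony 4.x; class name and namespace are hypothetical.
//
// Wire it under the `main` firewall in security.yaml (this replaces `target`,
// which is ignored once a custom success handler is configured):
//   logout:
//       path: logout
//       success_handler: App\Security\ClearRememberMeLogoutSuccessHandler

namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

final class ClearRememberMeLogoutSuccessHandler implements LogoutSuccessHandlerInterface
{
    private $cookieName;
    private $targetUrl;

    // Defaults mirror `remember_me.name` and `logout.target` from the question.
    public function __construct(
        string $cookieName = 'relevea_remember_me',
        string $targetUrl = '/about'
    ) {
        $this->cookieName = $cookieName;
        $this->targetUrl = $targetUrl;
    }

    // LogoutListener calls this before it looks at the token storage, so it
    // also runs when the session expired and no token was restored yet.
    public function onLogoutSuccess(Request $request): Response
    {
        $response = new RedirectResponse($this->targetUrl);

        // Expire the remember-me cookie. Path and domain must match the
        // values the cookie was issued with; the question's config sets
        // neither, so the defaults ('/' and no domain) apply on both sides.
        $response->headers->clearCookie($this->cookieName);

        return $response;
    }
}
```

After logging out, check the response headers for a `Set-Cookie: relevea_remember_me=deleted` entry with an expiry in the past, and confirm a new request is no longer re-authenticated.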

You can override the firewall listener to call the logout listener, as follows