Using Symfony 4 with a security.yaml like this:
security:
    encoders:
        App\Entity\User: sha256
    providers:
        public_users:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                remember_me: true
            remember_me:
                secret: "%kernel.secret%"
                name: relevea_remember_me
                lifetime: 864000
                always_remember_me: false
                remember_me_parameter: user_login[stayConnected]
            logout:
                path: logout
                target: /about
                invalidate_session: false
    access_control:
        - { path: ^/auth, roles: IS_AUTHENTICATED_ANONYMOUSLY }
The logout action does not clear the RememberMe token.

I understood that the LogoutListener (https://github.com/symfony/security/blob/master/Http/Firewall/LogoutListener.php) is called before the RememberMeListener (https://github.com/symfony/security/blob/master/Http/Firewall/RememberMeListener.php), so for the LogoutListener the token is null and nothing is cleared :/

The list of listeners from TraceableFirewallListener:
Symfony\Component\Security\Http\Firewall\ChannelListener
Symfony\Component\Security\Http\Firewall\ContextListener
Symfony\Component\Security\Http\Firewall\LogoutListener
Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener
Symfony\Component\Security\Http\Firewall\RememberMeListener
Symfony\Component\Security\Http\Firewall\AnonymousAuthenticationListener
Symfony\Component\Security\Http\Firewall\AccessListener
Why is the logout listener before the other listeners?

It seems to be a known issue since 2013!
https://github.com/symfony/symfony/issues/7104

So basically, you cannot log out from a remember-me token :/
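
One way to expire the cookie on logout even when no token was loaded, as an added example that is not part of the original post or of Symfony itself. It assumes Symfony 4.x, where LogoutListener calls the logout success handler before it checks the token storage, and the class name, namespace and constructor defaults are hypothetical (cookie name and target taken from the configuration above, cookie path `/` and no domain as in the remember_me defaults).

```php
<?php
// Added example (hypothetical class): a logout success handler that always
// expires the remember-me cookie, whether or not a security token was present.
namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

final class ClearRememberMeOnLogout implements LogoutSuccessHandlerInterface
{
    private $cookieName;
    private $cookiePath;
    private $cookieDomain;
    private $targetPath;

    public function __construct(
        string $cookieName = 'relevea_remember_me', // firewalls.main.remember_me.name
        string $targetPath = '/about',              // firewalls.main.logout.target
        string $cookiePath = '/',                   // assumed: remember_me.path default
        ?string $cookieDomain = null                // assumed: remember_me.domain default
    ) {
        $this->cookieName = $cookieName;
        $this->targetPath = $targetPath;
        $this->cookiePath = $cookiePath;
        $this->cookieDomain = $cookieDomain;
    }

    public function onLogoutSuccess(Request $request)
    {
        // A custom success handler replaces the default one, so the redirect
        // to the logout target has to be issued here.
        $response = new RedirectResponse($this->targetPath);

        // Path and domain must match the values the cookie was set with,
        // otherwise the browser keeps the original cookie.
        $response->headers->clearCookie(
            $this->cookieName,
            $this->cookiePath,
            $this->cookieDomain
        );

        return $response;
    }
}

// Wiring in security.yaml, under firewalls.main.logout:
//     success_handler: App\Security\ClearRememberMeOnLogout
```

This only removes the cookie from the browser that logs out; with the hash-based cookie configured above, a copy taken earlier stays valid until its lifetime ends or the user's password changes.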