Symfony PHP Logout not working

fcg9iug3  于 2023-10-23  发布在  PHP
关注(0)|答案(4)|浏览(117)

我有一个注销功能,在另一个项目中工作,但由于某种原因,在我目前正在工作的项目中不工作。它看起来像只是刷新页面。我检查了Symfony https://symfony.com/doc/current/security.html的官方文档,但没有用。希望你们能帮助我。
更新:Security.yml:

# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
    providers:
        in_memory:
            memory:
                users:
                    beheerder:
                        password: admin
                        roles: 'ROLE_BEHEERDER'

    access_control:
        - { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: 
            # activate different ways to authenticate

            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            http_basic: ~

            # https://symfony.com/doc/current/security/form_login_setup.html
            #form_login: ~
            logout:
                path: security_logout
                target: /

控制器:

<?php

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

class DefaultController extends Controller
{

    //Functie om naar de homepagina te gaan met een redirect naar de homepagina van de gebruiker.

    /**
     * @Route("/", name="homepage")
     */
    public function indexAction(Request $request, AuthorizationCheckerInterface $authorizationChecker)
    {
        if ($authorizationChecker->isGranted(new Expression('"ROLE_BEHEERDER" in roles')))
        {
            return $this->redirectToRoute('beheerder');
        }
        else
        {
            return $this->render('default/index.html.twig');
        }
    }

    /**
     * @Route("/beheerder", name="beheerder")
     */
    public function beheerder(Request $request)
    {
        return new Response($this->renderView('beheerder/index.html.twig'));
    }

    /**
     * @Route("/logout", name="security_logout")
     */
    public function logoutAction(Request $request)
    {
        return new Response($this->renderView('logout.html.twig'), 401);
    }

}

登出小枝:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <title>{% block title %}Overzicht{% endblock %}</title>
        <link rel="icon" type="image/x-icon" href="{{ asset('favicon.ico') }}" />
    </head>
    <body>
        <p>Redirecting back....</p>
        <script>
            document.cookie = 'PHPSESSID=; Path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
            window.location.href = '{{ url('homepage') }}';
        </script>
    </body>
</html>

编辑:我使用Symfony 3.4。当我去页面/注销它看起来像它只是刷新页面。我可以看到,它去注销功能,但用户不会注销。

vom3gejh

vom3gejh1#

来自Symfony安全文档:https://symfony.com/doc/3.4/security.html#logging-out
请注意,当使用http-basic认证防火墙时,没有真实的注销方法:注销的唯一方法是让浏览器停止在每次请求时发送您的名称和密码。清除浏览器缓存或重新启动浏览器通常会有所帮助。一些Web开发工具可能也会有所帮助。
你使用的是http-basic,所以清除cookie不会起作用。所以如果你想使用该代码,你需要实现不同的身份验证并停止使用http-basic。

sq1bmfud

sq1bmfud2#

访问控制在你定义注销路径为IS_AUTHENTICATED_ANONYMOUSLY这是错误的.
请删除- { path: '^/logout', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }

编辑- { path: '^/logout', roles: [ROLE_BEHEERDER] }

jm81lzqq

jm81lzqq3#

你还没有设置防火墙

main:
        anonymous: ~

它应该类似于main:anonymous:~ secured_竞技场:pattern:^/beheerder
有这个说,每个人都可以访问“主”防火墙,你应该限制该地区
当你有它然后只是添加到防火墙以下行

logout:
            path:   /logout
            target: /

并定义/注销路由,你已经做了. Symfony将做注销自动.
您还需要指定路径检查和检查路径检查https://symfony.com/doc/current/security/custom_password_authenticator.html

x8diyxa7

x8diyxa74#

app/config/security.yml

security:
    # editor fold [...]
    firewalls:
        # editor fold [...]
        main:
            # editor fold [...]
            # add logout into the security firewall
            logout:
                path: security_logout
                target: /
    # editor fold [...]
    access_control:
        - { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }
        # Not needed
        # - { path: '^/logout', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }

app/config/routing.yml

# editor fold [...]
# add logout path into main routing file
security_logout:
    path: /logout
  • 枝景酒店**
<!-- logout link -->
<a href="{{ path('security_logout') }}">Logout</a>

相关问题