Symfony 无限循环导致 ERR_TOO_MANY_REDIRECTS 错误

Symfony infinite loop leading to ERR_TOO_MANY_REDIRECTS error

我想实现一个 Remember me 功能。因为我没有得到任何自定义验证器,所以我添加了一个。 添加后,我遇到了一些关于重定向的问题。在导航器上,该页面在“登录”页面和我的目标页面之间循环。

这个循环结束于

ERR_TOO_MANY_REDIRECTS error.

此错误仅发生在要求用户登录的页面上。

Symfony 版本:5.4.


security.yaml

security:
    password_hashers:
        App\Entity\User: 'auto'

       Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
            algorithm: 'auto'
            cost:      15

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

    enable_authenticator_manager: true

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            provider: app_user_provider
            custom_authenticators:
                - App\Security\CustomAuthenticator
            form_login:
                login_path: app_login
                check_path: app_login
                use_referer: true
            logout:
                path: app_logout
                target: index
            user_checker: App\Security\UserChecker

            remember_me:
                secret: '%kernel.secret%' # required
                lifetime: 604800 # 1 week in seconds
                signature_properties: ['password']
                
        secured_area:
            form_login:
                enable_csrf: true

    access_control:
        - { path: '^/admin',           roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/tableau-de-bord', roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/profil',          roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/dashboard',       roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/profile',         roles: IS_AUTHENTICATED_FULLY }

access_control 部分,尝试将 IS_AUTHENTICATED_FULLY 替换为 IS_AUTHENTICATED_REMEMBERED:

security.yaml

security:
    ...
    access_control:
        - { path: '^/admin',           roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/tableau-de-bord', roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/profil',          roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/dashboard',       roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/profile',         roles: IS_AUTHENTICATED_REMEMBERED }

来自doc

IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.