Logout does not destroy/clear session properly in FOSUserBundle

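I'm having some issues, and I don't know why, when I log out from an application handled by FOSUserBundle: the current session is never destroyed or even cleared, which causes problems when I log in again because I store some data in the session. This is how my security.yml looks: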

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path:  /login
                check_path:  /login_check
                default_target_path: home
                always_use_default_target_path: true
            logout:
                 path: fos_user_security_logout
                 target: /
                 invalidate_session: false
            anonymous: ~

    access_control:
        ...    

This is how the session key is configured in config.yml:

session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
    cookie_lifetime: 86400
    gc_maxlifetime: 600 # session will expire after 10 minutes of inactivity
    gc_probability: 1
    gc_divisor: 1

What else am I missing?

As a second part of this question, I have a big doubt, since this is new to me, and it's related to how garbage collection works in Symfony2. I'm reading the docs around it, but it is not clear to me, and I also don't know if this is the cause of the session not being destroyed properly when I log out from the application. Any explanation around this? If I'm not mistaken, my application will log out users automatically when 10 minutes pass without doing anything, meaning inactivity, am I right? But how, or what, does the GC part do in this config? I took that configuration from this topic, but I still don't understand that topic.

As an additional note, I'm using Firefox|Chrome in private windows, so there shouldn't be any cache from the browser.

The invalidate_session option in the security.yml file is set to true by default; in your configuration it is false, so try changing it to true.

To clarify, here is the code from SecurityExtension.php:

if (true === $firewall['logout']['invalidate_session'] && false === $firewall['stateless']) {
    $listener->addMethodCall('addHandler', array(new Reference('security.logout.handler.session')));
}

'security.logout.handler.session'

public function logout(Request $request, Response $response, TokenInterface $token)
{
    $request->getSession()->invalidate();
}

.....
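
The effect of the two settings on the session, as an added example that is not part of the original answer and is not Symfony or FOSUserBundle source. It assumes symfony/http-foundation is installed via Composer; `simulateLogout`, `sessionAfterLogout` and the `customer_id` value are hypothetical names and sample data, and the in-memory `MockArraySessionStorage` stands in for the real session handler.

```php
<?php
// Added example. Assumes symfony/http-foundation is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;

/**
 * Hypothetical helper mirroring the condition quoted from SecurityExtension.php:
 * the session is invalidated only when invalidate_session is true and the
 * firewall is not stateless.
 */
function simulateLogout(Session $session, array $logout, $stateless = false)
{
    if (true === $logout['invalidate_session'] && false === $stateless) {
        $session->invalidate(); // what the quoted logout handler does
    }
}

/** Log in, store data, log out, and report what is left in the session. */
function sessionAfterLogout(array $logout)
{
    $session = new Session(new MockArraySessionStorage()); // in-memory storage
    $session->start();
    $session->set('customer_id', 42); // constructed sample data
    $idBefore = $session->getId();

    simulateLogout($session, $logout);

    return array(
        'data_survives'   => $session->has('customer_id'),
        'same_session_id' => $idBefore === $session->getId(),
    );
}

// Setting from the question's security.yml.
var_dump(sessionAfterLogout(array('invalidate_session' => false)));
// Default setting, as recommended in the answer.
var_dump(sessionAfterLogout(array('invalidate_session' => true)));
```

Comparing the two dumps shows whether stored attributes and the session ID carry over from one login to the next, which is the symptom described in the question.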