4 Answers

  1. Leander- Reply

    2019-11-15

    Logout in Symfony2 is handled by a so-called logout handler, which is just a listener that is executed when the URL matches the pattern from the security configuration, i.e. if the URL is, let's say, /logout, then this listener is executed. There are two built-in logout handlers:

    1. CookieClearingLogoutHandler which simply clears all cookies.
    2. SessionLogoutHandler which invalidates the session

    All you have to do is the very same thing the last one does. You can achieve it by simply calling:

    Legacy Symfony

        // Clear the security token, then invalidate the session.
        $this->get('security.context')->setToken(null);
        $this->get('request')->getSession()->invalidate();
    

    Symfony 2.6

        // Clear the security token, then invalidate the session.
        $this->get('security.token_storage')->setToken(null);
        $this->get('request')->getSession()->invalidate();
    

    Warning

    This will only work when the remember-me functionality is disabled. Otherwise, the user will be logged back in by means of a remember-me cookie on the next request.

    Please consider the extended solution if you are using remember me functionality:

  2. Lee- Reply

    2019-11-15

    Invalidating the user session might cause some unwanted results. Symfony's firewall has a listener that always checks and refreshes the user's token. You might just do a redirect to the default logout route that you have specified in your firewall.yml.

    In the controller you can do this:

        return $this->redirect($this->generateUrl('your_logout_url'));

    If you don't know the name of the logout route, you can check it in the console:

        app/console router:match /logout

    This command will give you the route name that you will need.

    :)

  3. Leo- Reply

    2019-11-15

    We have to set the user as an anonymous user when logging out. Then we can use $token->getUser()->getRoles(); in the controller or {% if is_granted('ROLE_USER') %} in the Twig template.

        use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
        // ...
        // Firewall name; this parameter is provided by FOSUserBundle.
        $providerKey = $this->container->getParameter('fos_user.firewall_name');
        $token = new AnonymousToken($providerKey, 'anon.');
        $this->get('security.context')->setToken($token);
        $this->get('request')->getSession()->invalidate();
    
  4. Leonard- Reply

    2019-11-15

    If rememberme functionality is enabled for your site, you should also clean the rememberme cookie:

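        use Symfony\Component\HttpFoundation\RedirectResponse;

        // ... inside the controller action:
        $this->get('security.context')->setToken(null);
        $this->get('request')->getSession()->invalidate();

        // Redirect target; $token is a route parameter that must be defined earlier in the action.
        $response = new RedirectResponse($this->generateUrl('dn_send_me_the_bundle_confirm', array(
            'token' => $token,
        )));
        // Clear the session cookie and the remember-me cookie.
        $cookieNames = [
            $this->container->getParameter('session.name'),
            $this->container->getParameter('session.remember_me.name'),
        ];
        foreach ($cookieNames as $cookieName) {
            $response->headers->clearCookie($cookieName);
        }

        // Return the response so the cookie-clearing headers reach the browser.
        return $response;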
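
An added example, not part of any answer above and not Symfony's own code: a Symfony 2.6+ controller action that logs the user out by running the two built-in logout handlers named in the first answer, so the remember-me cookie is cleared together with the session. The `AppBundle` namespace, the `AccountController` class, the `homepage` route and the `/` cookie path are assumptions; `REMEMBERME` is Symfony's default remember-me cookie name.

```php
<?php
// Added example; namespace, class and route names are hypothetical.
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Logout\CookieClearingLogoutHandler;
use Symfony\Component\Security\Http\Logout\SessionLogoutHandler;

class AccountController extends Controller
{
    public function forceLogoutAction(Request $request)
    {
        // The handlers write their Set-Cookie headers into this response,
        // so it must be the response that is returned to the browser.
        $response = new RedirectResponse($this->generateUrl('homepage'));

        $tokenStorage = $this->get('security.token_storage');
        $token = $tokenStorage->getToken();

        if (null !== $token) {
            $handlers = array(
                // Invalidates the session (assumes sessions are enabled).
                new SessionLogoutHandler(),
                // Expires the remember-me cookie; name, path and domain
                // must match the firewall's remember_me settings.
                new CookieClearingLogoutHandler(array(
                    'REMEMBERME' => array('path' => '/', 'domain' => null),
                )),
            );

            foreach ($handlers as $handler) {
                $handler->logout($request, $response, $token);
            }
        }

        // Drop the token last so the current request is unauthenticated too.
        $tokenStorage->setToken(null);

        return $response;
    }
}
```

If the cookie name, path or domain differs from what the firewall used when it set the remember-me cookie, the browser keeps the cookie and the user is authenticated again on the next request.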
    
