symfony2 session auto_start

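Time: 2012-09-25 08:04:10

Tags: session symfony

I want the session to start only when login is performed, not before.

I found that the CSRF token also starts a session when I use it in a form.

Now I have disabled the CSRF token, but the system still starts a session.

Which other parts of Symfony2 also create a session?

How can I use Xdebug to find the right part of my application? I put a breakpoint in Session.class, but Xdebug never stops at that point.

Thanks a lot.

I am using Symfony 2.0.

This is the relevant part of my config.yml: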

session:
    default_locale: %locale%
    lifetime: %session_lifetime%        
    path: /
    domain: %session_authdomain%            
    name: sid
    auto_start: false

This is my security.yml:

security:
    encoders:
        Danke\ForumBundle\Entity\Forumuser: sha512
        Danke\ForumBundle\Entity\Admin: sha512

    role_hierarchy:
        ROLE_MODERATOR: [ROLE_MANAGE_DEAL, ROLE_MANAGE_COMMENT]
        ROLE_ADMIN: [ROLE_MODERATOR, ROLE_MANAGE_CATEGORY, ROLE_MANAGE_AFFILIATELINK, ROLE_MANAGE_FORUMUSER, ROLE_MANAGE_BADLINK, ROLE_MANAGE_BADWORD]
        ROLE_SUPERADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH,  ROLE_MANAGE_EXCLUSIVEDEAL, ROLE_MANAGE_ADMIN]

    providers:
        forumuser:
            providers: u_email, u_username
        u_email:
          entity: { class: Danke\ForumBundle\Entity\Forumuser, property: email }
        u_username:
          entity: { class: Danke\ForumBundle\Entity\Forumuser, property: username }
        admin:
            providers: a_email, a_username
        a_email:
          entity: { class: Danke\ForumBundle\Entity\Admin, property: email }
        a_username:
          entity: { class: Danke\ForumBundle\Entity\Admin, property: username }


    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        admin:
          # since anonymous is allowed users will not be forced to login
          pattern:   /admin/
          form_login:
            provider: admin
            login_path:  /admin
            check_path:  /admin/login
            always_use_default_target_path: true
            default_target_path: /admin/deal
          anonymous: false
          logout:
                path:   /admin/logout
                target: /admin

        public:
          # since anonymous is allowed users will not be forced to login
          pattern:   ^/.*
          form_login:
            provider: forumuser
            login_path:  /login
            check_path:  /login_check/form
            #default_target_path: has to be declared in AuthenticationHandler
            success_handler: danke.forum.listener.authenticationhandler
            failure_handler: danke.forum.listener.authenticationhandler
          anonymous: true
          logout: true

    access_control:
      # some access control pages

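1 answer:

Answer 0 (score: 5)

In the public firewall, disable anonymous authentication, because it needs a session to identify users who are not logged in.

You can replace it with: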

firewalls:
    public:
      # since anonymous is allowed users will not be forced to login
      pattern:   ^/.*   
      security: false
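
A way to check the outcome the question asks for, as an added example that is not part of the original question or answer: it scans a sequence of responses for the `sid` session cookie being issued before any request reaches a configured `check_path`. The function names and the sample exchanges are assumptions constructed for illustration; the cookie name and check paths come from the configuration above.

```python
from http.cookies import SimpleCookie

# Values taken from the configuration on this page.
SESSION_COOKIE = "sid"
CHECK_PATHS = {"/login_check/form", "/admin/login"}

# Constructed sample: (method, path, response header lines) in request order.
SAMPLE = [
    ("GET", "/", ["Content-Type: text/html"]),
    ("GET", "/login", ["content-type: text/html",
                       "set-cookie: sid=abc123; path=/; HttpOnly"]),
    ("POST", "/login_check/form", ["Location: /",
                                   "Set-Cookie: sid=def456; path=/; HttpOnly"]),
    ("GET", "/", ["Content-Type: text/html"]),
]


def session_cookie_set(header_lines, name=SESSION_COOKIE):
    """True if any Set-Cookie header assigns a non-empty value to `name`."""
    for line in header_lines:
        key, _, value = line.partition(":")
        if key.strip().lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value.strip())
        morsel = jar.get(name)
        # An empty or "deleted" value is a cookie removal, not a session start.
        if morsel is not None and morsel.value not in ("", "deleted"):
            return True
    return False


def premature_sessions(exchanges):
    """Paths that issued the session cookie before any login check request."""
    flagged = []
    for method, path, headers in exchanges:
        if method == "POST" and path in CHECK_PATHS:
            break  # from the login check onwards a session is expected
        if session_cookie_set(headers):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    print(premature_sessions(SAMPLE))
```

An empty list means no page visited before login started a session; any path in the list is a place to look for the component that triggers it.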