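Symfony: delete the remember-me cookie

Time: 2014-11-12 19:10:00

Tags: php symfony cookies remember-me

The security configuration has delete_cookies: http://symfony.com/doc/current/reference/configuration/security.html

I have remember_me enabled. Everything works fine, except that when the user goes to the "logout" link (directly from the URL bar), I want Symfony to delete the REMEMBERME cookie. How can I do this? Am I missing something?

When I go to the URL /app/logout, I can see in Chrome dev tools that I still have the REMEMBERME cookie.

This is my security.yml file: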

firewalls:     
    app_secured:
        anonymous: ~
        switch_user: true
        pattern: ^(/$|/login$|/app/)
        form_login:
            login_path: login
            check_path: login_check
            csrf_provider: form.csrf_provider
            default_target_path: index
            always_use_default_target_path: true
        remember_me:
            key: "%secret%"
            lifetime: 2592000
            path: ~
            domain: ~
        logout:
            invalidate_session: true
            delete_cookies:
                REMEMBERME: { path: null, domain: null}
            path: logout
            target: login
access_control:
    - { path: ^/app/_sys/, roles: ROLE_NO_ACCESS }
    - { path: ^/app/, roles: ROLE_USER }
    - { path: ^/app/admin/, roles: ROLE_ADMIN }

routing.yml

login:
    path:      /
    defaults:  { _controller: AppWebBundle:Login:login }
login_check:
    path: /login_check
logout:
    path: /app/logout

LoginController.php

/**
 * Login controller.
 * @Route("/")
 */
class LoginController extends Controller
{
    /**
     * Login page
     * @Route("/login", name="login2")
     */
    public function loginAction(Request $request){
        /** Reduced for simplicity, same code as: 
            http://symfony.com/doc/current/book/security.html#using-a-traditional-login-form **/
        return $this->render('AppWebBundle:Default:login.html.twig', ['last_username' => $lastUsername,'error'=> $error,]);
    }
}

2 answers:

Answer 0: (score: 5)

$response = new Response();
$response->headers->clearCookie('REMEMBERME');
$response->send();

You can delete the cookie in the controller.
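An added example, not part of the original answer or of Symfony's own code: the same clearCookie call placed in a logout success handler, so the expiry header is sent on the redirect that follows logout. The class name and namespace are hypothetical, it assumes the cookie was issued with path / and no explicit domain (a browser only expires a cookie whose name, path and domain match), and it assumes the class is registered as a service and referenced from the firewall's logout success_handler option.

```php
<?php
// Added example. Class name and namespace are hypothetical.
namespace App\WebBundle\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

class RememberMeClearingLogoutHandler implements LogoutSuccessHandlerInterface
{
    private $urlGenerator;
    private $cookieName;
    private $cookiePath;
    private $cookieDomain;

    /**
     * The name, path and domain must be the ones the remember-me cookie
     * was issued with. The defaults here are assumptions.
     */
    public function __construct(
        UrlGeneratorInterface $urlGenerator,
        $cookieName = 'REMEMBERME',
        $cookiePath = '/',
        $cookieDomain = null
    ) {
        $this->urlGenerator = $urlGenerator;
        $this->cookieName   = $cookieName;
        $this->cookiePath   = $cookiePath;
        $this->cookieDomain = $cookieDomain;
    }

    /**
     * Called by the firewall after the session has been invalidated.
     * The returned response carries a Set-Cookie header that expires
     * the remember-me cookie, then redirects to the "login" route.
     */
    public function onLogoutSuccess(Request $request)
    {
        $response = new RedirectResponse($this->urlGenerator->generate('login'));
        $response->headers->clearCookie(
            $this->cookieName,
            $this->cookiePath,
            $this->cookieDomain
        );

        return $response;
    }
}
```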

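Answer 1: (score: 1)

I found that if you put the logout URL directly into the URL bar, it doesn't work. The user has to click "Logout" for it to work.

Creating the link <a href="{{url('logout')}}">Logout</a> and clicking it works.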