我有一个基于symfony 2.8的应用程序,每个新会话的每个页面请求都会创建。
例如 如果/ api / check被调用了1000次,则将不必要地创建1000个会话。
防火墙: #禁用资产和事件探查器的身份验证,根据需要进行调整 开发人员: 模式:^ /(_(profiler | wdt)| css | images | js)/ 安全性:错误
api:
pattern: /api/
anonymous: ~
stateless: true
main:
pattern: ^/
form_login:
# the user is redirected here when needed to log in
login_path: security_login_register # URL: /willkommen
# login handler via FOSUserBundle
provider: fos_userbundle
# name of input field of csrf token
csrf_parameter: _csrf_token
# token provider
csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
# DIRECTION OPTIONS:
# /vendor/symfony/symfony/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
# OPTION 1: if set true, redirect always to default_target_path after login
# DEFAULT: false
always_use_default_target_path: false # DEFAULT: false
default_target_path: profile_order_list # URL: /profile/orders
# OPTION 2: if option 1 not enabled, the URL of _target_path will be used for redirection
# name of input field for redirection for form_login
target_path_parameter: _target_path
# OPTIONS 3: if option 1, 2 not enabled and user_refer is true, URL from $request->headers->get('Referer')
# will be used for redirection
# disabled using header referrer
use_referer: false # DEFAULT: false
# OPTION 4: if nothing found, URL of default_target_path will be used for redirection
# do not remeber_me with higher security
remember_me: false
logout:
path: fos_user_security_logout
target: homepage # URL: /
anonymous: true
switch_user: true
以上代码块在安全配置中不起作用。我试图使/ api路由变为无状态,但不起作用,知道吗?