There is a delete_cookies
in the security configuration file: http://symfony.com/doc/current/reference/configuration/security.html
I have remember_me
enabled. Everything works fine except when an user goes to the 'logout' link (directly from the url bar), I want symfony to delete the REMEMBERME
cookie. How can I achieve that? Am I missing something?
When I go to url /app/logout
, I can see the chrome dev tools that I still have the REMEMBERME
cookie.
This is my security.yml file:
firewalls:
app_secured:
anonymous: ~
switch_user: true
pattern: ^(/$|/login$|/app/)
form_login:
login_path: login
check_path: login_check
csrf_provider: form.csrf_provider
default_target_path: index
always_use_default_target_path: true
remember_me:
key: "%secret%"
lifetime: 2592000
path: ~
domain: ~
logout:
invalidate_session: true
delete_cookies:
REMEMBERME: { path: null, domain: null}
path: logout
target: login
access_control:
- { path: ^/app/_sys/, roles: ROLE_NO_ACCESS }
- { path: ^/app/, roles: ROLE_USER }
- { path: ^/app/admin/, roles: ROLE_ADMIN }
Routing.yml
login:
path: /
defaults: { _controller: AppWebBundle:Login:login }
login_check:
path: /login_check
logout:
path: /app/logout
LoginController.php
/**
* Login controller.
* @Route("/")
*/
class LoginController extends Controller
{
/**
* Login page
* @Route("/login", name="login2")
*/
public function loginAction(Request $request){
/** Reduced for simplicity, same code as:
http://symfony.com/doc/current/book/security.html#using-a-traditional-login-form **/
return $this->render('AppWebBundle:Default:login.html.twig', ['last_username' => $lastUsername,'error'=> $error,]);
}
}
I found out that it doesn't work if you put directly the logout url into the url bar. The user has to click logout in order to work.
Creating a link
<a href="{{url('logout')}}">Logout</a>
and clicking it worked.