會話過期時，如何強制用戶註銷？

Question

我試圖強迫用戶時已經過期的會話成爲註銷，但我不能訪問會話的時間在這裏

namespace mio\mioBundle; 

use Symfony\Component\HttpFoundation\Response; 
use Symfony\Component\HttpFoundation\RedirectResponse; 
use Symfony\Component\HttpKernel\HttpKernelInterface; 
use Symfony\Component\HttpKernel\Event\GetResponseEvent; 
use Symfony\Bundle\FrameworkBundle\Routing\Router; 
use Symfony\Component\Routing\RouterInterface; 
use Symfony\Component\Security\Core\SecurityContext; 
use Symfony\Component\HttpFoundation\Request; 

class RequestListener{ 

    protected $router; 
    protected $security; 

    public function __construct(RouterInterface $router, SecurityContext $security) 
    { 
     $this->router = $router; 
     $this->security = $security; 
    } 

    public function onKernelRequest(GetResponseEvent $event) 
    { 
     echo $event->getRequest()->getSession()->('timeout'); 
    } 
} 

---

你好我離開配置文件security.yml。

security: 

    firewalls: 
     frontend: 
      pattern: ^/ 
      anonymous: ~ 
      form_login: 
       login_path: /login 
       check_path: /login_check 
       default_target_path: /index 
       success_handler: authentication_handler 
      logout: 
       path: /logout 
       target: /login 
       success_handler: authentication_handler 
      security: true 
      remember_me: 
       key:  loksea 
       lifetime: 1800 
       path: /
      access_denied_handler: accessdenied_handler 
      #primero deben de ir los usuarios anonimos si no se entra en loop redirect 
    access_control: 
     - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/pruebita, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/js, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/admin, roles: ROLE_A } 
     - { path: ^/nuevoinforme, roles: ROLE_M } 
     - { path: ^/, roles: IS_AUTHENTICATED_REMEMBERED } 

    providers: 
     user_db: 
      entity: { class: mio\mioBundle\Entity\Empleado, property: username } 
    role_hierarchy: 
     ROLE_M: ROLE_U 
     ROLE_A: ROLE_U 

    encoders: 
     mio\mioBundle\Entity\Empleado: { algorithm: sha1 } 
     Symfony\Component\Security\Core\User\User: plaintext 

當會話結束後要求我再次登錄，但不是用戶註銷。我有一個聽衆保存退出如此：

public function onLogoutSuccess(Request $request){ 
     $empleado = $this->security->getToken()->getUser(); 
     $log = new Log(); 
     $log->setFechalog(new \DateTime('now')); 
     $log->setTipo("Salida"); 
     $log->setEmpleado($empleado); 
     $this->em->persist($log); 
     $this->em->flush(); 
} 

會話結束時你會調用這個方法嗎？謝謝。

Answer 1

您需要在security.yml配置文件中配置此行爲，並且它應該自動工作。

瞧

Answer 2

告訴我，如果我是正確的，你需要執行你的方法「onLogoutSuccess」當用戶註銷？ 所以註銷過程運作良好，對吧？

要明確註銷，您是否嘗試過會話對象的「clear（）」方法？

Answer 3

我有同樣的問題，但我設法創建一個偵聽器，當用戶達到最大空閒時間時引發CredentialsExpiredException。
空閒時間過長的用戶將被重定向到登錄/註銷頁面（針對您的情況，通過查看您的註銷目標來查看其「/ login」）。
這就是我解決問題的方法。

namespace mio\mioBundle; 

use Symfony\Component\HttpKernel\Event\GetResponseEvent; 
use Symfony\Component\DependencyInjection\Container; 
use Symfony\Component\Security\Core\Exception\CredentialsExpiredException; 

class RequestListener{ 

    protected $container; 

    public function __construct(Container $container) 
    { 
     $this->container = $container; 
    } 

    public function onKernelRequest(GetResponseEvent $event) 
    { 
     $session = $this->container->get('session'); 
     $maxTime = 5*60; //5 minutes is the maximum lifetime 

     // Get the current idle time and compare it with the max allowed time 
     if (time() - $session->getMetadataBag()->getLastUsed() > $maxTime) { 
      //Invalidate the current session and throw an exception 
      $session->invalidate(); 
      throw new CredentialsExpiredException(); 
     } 
    } 
} 

這應該是它。如果您還有其他問題，請告訴我！