Symfony provides a simple way of preventing users from logging in using the isEnabled
property if the user class implements AdvancedUserInterface
.
However, if the user is logged in nothing will prevent them from accessing the website until their session expires.
The idea would be to check the isEnabled
property upon getting the user entity ($this->get('security.token_storage')->getToken()->getUser()
) and to invalidate the session then. What is the preferred way of doing so?
Or is there a better way to achieve this goal?