doulai7239 2015-06-29 19:42
浏览 71
已采纳

如何在Symfony中注销被禁止的用户?

Symfony provides a simple way of preventing users from logging in using the isEnabled property if the user class implements AdvancedUserInterface.

However, if the user is logged in nothing will prevent them from accessing the website until their session expires.

The idea would be to check the isEnabled property upon getting the user entity ($this->get('security.token_storage')->getToken()->getUser()) and to invalidate the session then. What is the preferred way of doing so?

Or is there a better way to achieve this goal?

  • 写回答

4条回答 默认 最新

  • duanshang9426 2015-06-30 08:06
    关注

    You can set the following in your security.yml:

    security:
    always_authenticate_before_granting: true

    This will always re-authenticate a user before storing the information into the token. It will take care of these kind of changes in the user configuration, but also things like changed roles etc..

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥20 delta降尺度方法,未来数据怎么降尺度
  • ¥15 c# 使用NPOI快速将datatable数据导入excel中指定sheet,要求快速高效
  • ¥15 再不同版本的系统上,TCP传输速度不一致
  • ¥15 高德地图点聚合中Marker的位置无法实时更新
  • ¥15 DIFY API Endpoint 问题。
  • ¥20 sub地址DHCP问题
  • ¥15 delta降尺度计算的一些细节,有偿
  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式
  • ¥30 数值计算均差系数编程