dongzangchui2072 2018-06-20 15:10

Symfony firewall login: how to access the previous session before it is invalidated

I am running a Symfony 2.8 based webpage which uses the FOSUserBundle. When the user switches from the public part of the webpage to the private part by logging in, the session is invalidated (PHPSESSID changes). Thus after logging in it is not possible any more to access the session which was used on the public part.

In the Symfony docs I found information about the invalidate_session in the logout config.

While it makes sense to clean the session data when logging out, I do not understand what the reason is to do the same when logging in.

Question 1: Is there an option to prevent Symfony from invalidating the session when logging in?

Even if there is an option to change this behavior, I would prefer to keep it this way (to prevent any unforeseen side effects). This brings us to the second question:

Question 2: Is there any event or other way that can be used to access the public session before it gets invalidated during the login process?

The Firewall.php uses an onKernelRequest handler with priority 8 to run its authentication methods. Thus I tried to use my own onKernelRequest handler with a higher priority to access the session first, but this did not work out. I only get access to the new session.

How to solve this?


1 answer

  • dousi1097 2018-06-20 15:34

    You should implement an EventSubscriber and subscribe to the events SecurityEvents::INTERACTIVE_LOGIN and FOSUserEvents::REGISTRATION_COMPLETED. At that point the public session is not yet invalidated and you can get the user from the event.

    namespace AppBundle\EventListener;

    use Symfony\Component\Security\Http\SecurityEvents;
    use Symfony\Component\EventDispatcher\EventSubscriberInterface;
    use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
    use FOS\UserBundle\FOSUserEvents;
    use FOS\UserBundle\Event\FilterUserResponseEvent;
    use FOS\UserBundle\Model\UserInterface;

    class YourCustomListener implements EventSubscriberInterface
    {

        // Map each event to the handler method that should run for it.
        public static function getSubscribedEvents()
        {
            return [
                SecurityEvents::INTERACTIVE_LOGIN => 'onUserAuthentication',
                FOSUserEvents::REGISTRATION_COMPLETED => ['onUserRegistration', -10]
            ];
        }

        // Runs after a successful interactive (form) login.
        public function onUserAuthentication(InteractiveLoginEvent $event): void
        {
            $user = $event->getAuthenticationToken()->getUser();
            $this->yourFunctionUsingTheSessionHere($user);
        }

        // Runs after FOSUserBundle has completed a registration.
        public function onUserRegistration(FilterUserResponseEvent $event): void
        {
            $user = $event->getUser();
            $this->yourFunctionUsingTheSessionHere($user);
        }

        private function yourFunctionUsingTheSessionHere(UserInterface $user): void
        {
            // do your thing here
            // I don't know if EventSubscribers are container-aware; maybe you need to inject the container or Symfony\Component\HttpFoundation\Session\SessionInterface to have access to the session
        }
    }
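
Question 1 asks whether an option controls this behaviour: in the SecurityBundle it is `session_fixation_strategy`. The configuration below is an added example, not part of the original answer; the file path is assumed to be the standard Symfony 2.8 location, and the weak setting is shown commented out beside the default.

```yaml
# app/config/security.yml (assumed standard Symfony 2.8 location)
security:
    # Default. On successful login the session ID is regenerated and the
    # existing session attributes are kept, so an ID planted before login
    # (session fixation) is useless afterwards while public-session
    # attributes remain available.
    session_fixation_strategy: migrate

    # Stricter: regenerate the ID and also drop every pre-login attribute.
    # session_fixation_strategy: invalidate

    # Weak: the pre-login PHPSESSID stays valid for the authenticated
    # session. Avoid unless another layer regenerates the ID at login.
    # session_fixation_strategy: none
```

Data stored elsewhere and keyed on the old PHPSESSID value will not follow the new ID under `migrate`; storing it as a session attribute lets it carry over without weakening the setting.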
    