3

I have a little problem of logout on my admin bundle.

When I log in to admin with the In Memory, this works but I can't logout.

On the other side, logout for users works perfectly. Did I miss something ?

This is my security.yml

security:
encoders:
    Esimed\FrontBundle\Entity\Company: 
        algorithm: sha1
        encode_as_base64: false
        iterations: 1
    Symfony\Component\Security\Core\User\User: plaintext

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

providers:
    companies:
        entity: { class: Esimed\FrontBundle\Entity\Company, property: email }
    in_memory:
        memory:
            users:
                admin: { password: adminpass, roles: 'ROLE_ADMIN' }

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    admin:
        pattern: ^/admin
        http_basic:
            realm: "Administration"
            provider: in_memory
        logout:
            invalidate_session: true
            path: /admin/company/logout
            target: /
        anonymous: ~

    main:
        pattern: ^/
        form_login:
            check_path: esimed_front_company_login_check
            login_path: esimed_front_company_login
        logout:
            path: /company/logout
            target: /
        anonymous: ~

access_control:
    - { path: ^/company/add$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/company/create$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/company/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/job/view/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/company/search, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/company/category-list, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/company/company-list, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/company, roles: ROLE_COMPANY }
    - { path: ^/job, roles: ROLE_COMPANY }
    - { path: ^/admin, roles: ROLE_ADMIN }
user3207586
  • 141
  • 4
  • 14

1 Answers1

3

As Elnur Abdurrakhimov states for an answer to a similar question:

Since you are using HTTP authentication, the reason might be that your browser caches your credentials and relogins automatically. Try using HTML form authentication and see if the problem persists.

Try using the following for your security.yml

admin:
    pattern: ^/admin
    provider: in_memory
    form_login:
        check_path: /check_login
        login_path: /admin/login
    logout:
        invalidate_session: true
        path: /admin/company/logout
        target: /
    anonymous: ~

...

access_control:
    - { path: ^/admin/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    ...

This way you are still able to authenticate using the in memory provider and if you want you can still have your credentials saved by the browser but logging out will destroy the cookie and session used to authenticate you and wont automatically log you back in.

Community
  • 1
  • 1
Chase
  • 9,289
  • 5
  • 51
  • 77
  • Similar answers does not mean you can copy other people's words as if they were your own. That's plagiarism, and it's simply not OK. – BoltClock Apr 12 '14 at 15:59
  • @Chausser: No because the part about browsers caching login creds doesn't belong to him, it's a fact rather than an idea. The suggestions he makes are probably his own. But what you did was copy an entire paragraph of his own words wholesale. Now that you've cited him properly it is OK. – BoltClock Apr 13 '14 at 04:43
  • invalidate_session parameter is true by default. – Etienne Gautier Jun 27 '17 at 08:12