Slava Fomin II - 14 days ago
PHP Question

Log user out in Symfony 2 application when "remember me" is enabled

I'm looking for a way to log a user out of a Symfony 2 application, but could not find a way to do it properly.

I've tried an approach described here:
Symfony2: how to log user out manually in controller?

$this->get('security.context')->setToken(null);
$this->get('request')->getSession()->invalidate();


It works fine when "remember me" is disabled; however, when I enable it, it does not work. It looks like the user is automatically re-authenticated by this cookie.

remember_me:
    key: "%secret%"
    lifetime: 31536000
    path: /
    domain: ~
    always_remember_me: true


What is the proper way to log a user out of a Symfony 2 application? Do I need to additionally delete this cookie from the server side?

Answer

You may have to call the session-storage's save() (Documentation) method explicitly.

Force the session to be saved and closed.

Furthermore, you can request deletion of the session and/or remember_me cookies via response headers.

The session-cookie's name is configured as the container-parameter framework.session.name and defaults to the session.name value from your php.ini.

// $response is the Response object that the controller action returns
$cookieName = $this->container->getParameter('framework.session.name');
$response->headers->clearCookie($cookieName);

The remember_me-cookie's name can be configured in your security configuration.

security:
    firewalls:
        your_firewall:
            remember_me: 
                name: neverforget # <- cookie-name
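
The steps from the question and the answer combined into one controller action, as an added example that is not part of the original question or answer. The namespace, class name, action name and redirect target are assumptions; the cookie name `neverforget` and the path and domain values come from the configuration shown on this page.

```php
<?php
// Added example: hypothetical controller, not code from the original thread.
namespace Acme\DemoBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;

class SessionController extends Controller
{
    // These must match security.firewalls.<firewall>.remember_me exactly,
    // otherwise the browser keeps the cookie and re-authenticates the user.
    const REMEMBER_ME_COOKIE = 'neverforget'; // "name" in the answer's config
    const REMEMBER_ME_PATH   = '/';           // "path: /" in the question
    const REMEMBER_ME_DOMAIN = null;          // "domain: ~" in the question

    public function forceLogoutAction(Request $request)
    {
        // 1. Drop the authenticated token for the current request.
        $this->get('security.context')->setToken(null);

        // 2. Destroy the server-side session data.
        $session = $request->getSession();
        $sessionCookie = $session->getName(); // read the name before invalidating
        $session->invalidate();

        // 3. Ask the browser to discard both cookies. clearCookie() sends an
        //    already-expired Set-Cookie header for the given name/path/domain.
        $response = new RedirectResponse('/'); // redirect target is an assumption
        $response->headers->clearCookie($sessionCookie);
        $response->headers->clearCookie(
            self::REMEMBER_ME_COOKIE,
            self::REMEMBER_ME_PATH,
            self::REMEMBER_ME_DOMAIN
        );

        return $response;
    }
}
```

Clearing the cookie only instructs the browser to discard it. With the default hash-based remember-me cookie (no `token_provider` configured), the server keeps no record of issued cookies, so a copy made before logout still validates until its `lifetime` of 31536000 seconds runs out or the user's password changes.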