
TokenStorage: setToken->(null) does not logout user with remember-me feature on #47156


Closed
Jean-Gian opened this issue Aug 2, 2022 · 1 comment

Comments


Jean-Gian commented Aug 2, 2022

Symfony version(s) affected

6.1

Description

When I need to programmatically log out a user from a controller, I use:
setToken(null) from this interface: Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface

This logs a user out correctly only if the remember-me feature is not active and the REMEMBERME token is not set.
If a user is logged in via the remember-me feature, logout doesn't happen.

I think this can be considered a bug, unless there are 2 different ways of logging out a user based on the type of login: regular or with remember-me. But in any case, there should be a single way to log out a user regardless of the type of login used.

How to reproduce

Something like this in a controller:

<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class ReproduceBugController extends AbstractController
{
    #[Route('/reproduce/bug', name: 'app_reproduce_bug')]
    public function index(TokenStorageInterface $tokenStorage): Response
    {
        $tokenStorage->setToken(null);
        return $this->redirectToRoute('app_reproduce_bug');
    }
}

Possible Solution

No response

Additional Context

No response

Member

chalasr commented Aug 2, 2022

Yes, programmatic logout is a bit more involved. That's not a bug.
We've just merged #41406 for that so please have a look to take what you need until it's released.

@chalasr chalasr closed this as completed Aug 2, 2022
@xabbuh xabbuh added the Security label Aug 2, 2022
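
One way to perform the programmatic logout discussed in this thread so that the remember-me cookie is also removed. This is an added example, not code from the issue or from the Symfony project; it assumes a firewall named `main` with `remember_me` configured, and the route names `app_force_logout` and `app_home` and the CSRF token id `force_logout` are hypothetical.

```php
<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Http\Event\LogoutEvent;
use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;

class ProgrammaticLogoutController extends AbstractController
{
    public function __construct(
        // Assumption: the firewall is named "main". Security listeners are
        // registered on the per-firewall dispatcher, not the global one.
        #[Autowire(service: 'security.event_dispatcher.main')]
        private EventDispatcherInterface $firewallDispatcher,
        private TokenStorageInterface $tokenStorage,
    ) {
    }

    #[Route('/account/force-logout', name: 'app_force_logout', methods: ['POST'])]
    public function __invoke(Request $request): Response
    {
        // Hypothetical token id; keeps the logout from being triggered cross-site.
        if (!$this->isCsrfTokenValid('force_logout', (string) $request->request->get('_token'))) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        $token = $this->tokenStorage->getToken();
        if (null === $token) {
            return $this->redirectToRoute('app_home'); // nobody is logged in
        }

        // Run the firewall's logout listeners. The remember-me listener
        // subscribes to LogoutEvent and expires the REMEMBERME cookie; without
        // this step the cookie re-authenticates the user on the next request.
        $event = new LogoutEvent($request, $token);
        $this->firewallDispatcher->dispatch($event);

        // Only now drop the token for the current request and session.
        $this->tokenStorage->setToken(null);

        return $event->getResponse() ?? $this->redirectToRoute('app_home');
    }
}
```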