With the new logout on user change feature the user token is set to null when a user was changed compared to the one stored in the session. Right now we cannot hook into this step to perform some more clean up tasks like what we can do on manual logouts where we can register a custom logout success handler, but we would need to manually wrap the ContextListener instead.
We should find a way to allow this kind of customisation in the ContextListener too to allow for a consistent behaviour between manual and "forced" logouts.
Would it count as "forced" logout when the user checker denies access on a request that would've otherwise been authenticated? Never mind, should be all good as the user-checker is during initial authentication only.
…ge" steps in (Simperfit)
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Dispatch an event when "logout user on change" steps in
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26902
| License | MIT
| Doc PR | symfony/symfony-docs#11450
This adds a new event when the user has been changed and has been logged out from the apps; it allows someone to register to this event and do something with either the token or the refreshedUser.
Commits
-------
40e4218 [Security] Dispatch an event when "logout user on change" steps in
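
An added example, not part of the issue or the merged PR: a subscriber for the event this change introduces, assuming it is the `DeauthenticatedEvent` class of the Symfony 4.3 Security HTTP component with its `getOriginalToken()` accessor. The class name `ForcedLogoutSubscriber`, the namespace and the session keys are hypothetical.

```php
<?php

namespace App\EventSubscriber; // hypothetical application namespace

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Http\Event\DeauthenticatedEvent;

/**
 * Hypothetical subscriber that runs the same cleanup on a "forced" logout
 * (user changed compared to the session copy) as on a manual logout.
 */
final class ForcedLogoutSubscriber implements EventSubscriberInterface
{
    // Constructed example keys: per-user state this application keeps in the session.
    private const USER_SCOPED_KEYS = ['cart_id', 'mfa_verified'];

    private $logger;
    private $requestStack;

    public function __construct(LoggerInterface $logger, RequestStack $requestStack)
    {
        $this->logger = $logger;
        $this->requestStack = $requestStack;
    }

    public static function getSubscribedEvents(): array
    {
        // Assumption: the event is dispatched under its class name (Symfony 4.3).
        return [DeauthenticatedEvent::class => 'onDeauthenticated'];
    }

    public function onDeauthenticated(DeauthenticatedEvent $event): void
    {
        // Token restored from the session, before the user was found to have changed.
        $original = $event->getOriginalToken();
        $this->logger->notice('User deauthenticated because the stored user changed', [
            'username' => $original->getUsername(), // 4.3-era accessor
        ]);

        // Drop user-scoped session data so it does not carry over into the anonymous session.
        $request = $this->requestStack->getCurrentRequest();
        if (null !== $request && $request->hasSession()) {
            foreach (self::USER_SCOPED_KEYS as $key) {
                $request->getSession()->remove($key);
            }
        }
    }
}
```

Putting the cleanup in a service shared with the manual logout handler keeps both logout paths consistent, which is what the issue asks for.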