4

I run first time into a problem with Symfony (2.7) authentication, where I really couldn't find a working solution. Although Symfony has a dedicated configuration option logout -> target, this gets never applied on logouts, I always get directed to /. I probably missed some constraint on implementing this correctly.

Ok, I'm using:

  • Form based login
  • Hooked custom failure, success and logout handlers, which are working perfectly

My config.yml firewall

secured_area:
        pattern:    ^/
        stateless:  false
        form_login:
            ...
        logout:
            path:   logout
            target: /test
            success_handler: logout_success_handler
        anonymous: ~

For testing I even added

access_control:
    - { path: ^/test, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/,     roles: IS_AUTHENTICATED_ANONYMOUSLY }

I'm using route-names for the paths, the route exists and are working ok (I can login, login_check and logout).

My expectation by setting logout -> target, that on logout I get redirected to the page /test. But whatever I tried, until now I'm always on / after logout.

I would be very glad, if somebody can point me into the correct direction, how to logout to a custom route (I also tried already target with a route name). Many thanks!

BTW:

My logout_success_handler does currently nothing. By enabling the dump, I just also see, that the redirection is always going to / and not to /test.

public function onLogoutSuccess(Request $request)
{
    $response = parent::onLogoutSuccess($request);

    //var_dump($response); die;

    return $response;
}
J. Hauser
  • 233
  • 1
  • 16

2 Answers2

1

There is no built in logout target. You have to handle it in your handler.

Step 1

Put your logout target into your parameters file

parameters:
    logout.target: /test

Step 2

Modify your service.yml where you've defined your logout handler to the following:

some.logout_handler:
    class: SomeBundle\Security\YourAuthenticationHandler
    arguments: ["@security.context", %logout.target%]

This will inject it into your handler.

Step 3

Finally, in your onLogoutSuccess method just do

public function onLogoutSuccess(Request $request)
{
    $response = parent::onLogoutSuccess($request);

    return new RedirectResponse($this->logoutTarget);
}
Sean
  • 1,304
  • 11
  • 26
  • This works perfect! But somebody needs to update the [SecurityBundle Configuration](http://symfony.com/doc/current/reference/configuration/security.html). This mislead me to use _logout.target_. – J. Hauser Oct 02 '15 at 10:04
  • This is also very similar to this question . – J. Hauser Oct 02 '15 at 10:16
0

And the final method for people having the same issue.

/**
 * LogoutSuccessHandler
 */
class LogoutSuccessHandler extends DefaultLogoutSuccessHandler implements LogoutSuccessHandlerInterface
{
    /**
     * @var string
     */
    private $logout_route;

    /**
     * Constructor
     * 
     * @param RouterInterface $router
     * @param EntityManager $em
     */
    public function __construct(HttpUtils $httpUtils, $logoutRoute)
    {
        $this->logout_route = $logoutRoute;

        parent::__construct( $httpUtils );
    }

    /**
     * @param Request $request
     * @return Response
     */
    public function onLogoutSuccess(Request $request)
    {
        return $this->httpUtils->createRedirectResponse($request, $this->logout_route);
    }
}

I'd like to use httpUtils as the createRedirectResponse understands paths and route-names.

Shyam Bhimani
  • 1,310
  • 1
  • 22
  • 37
J. Hauser
  • 233
  • 1
  • 16