Coder1

Reputation: 13321

Cannot logout with Symfony 4

I cannot logout a user.

I ported custom user management logic over to a Symfony 4 project. It uses recipes for security and guard.

Here is the logout config in my main firewall:

    logout:
        path: /logout
        target: /

Result:

- User goes to /logout
- User is redirected to /
- is_granted("IS_AUTHENTICATED_REMEMBERED") continues to return true in my template (false is expected)

Other Considerations:

- The firewall entry is getting triggered because I get errors if I remove it
- I have tried adding additional parameters to logout to destroy the session and cookies, however that made no difference
- Logging in works fine

Any idea on how to troubleshoot this?

:: edit - added security.yaml as requested ::

    security:
        encoders:
            App\Entity\User: bcrypt
        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN
        providers:
            app_users:
                entity: { class: App\Entity\User, property: email }
            app_oauth:
                id: app.oauth_user_provider
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                provider: app_users
                anonymous: ~
                oauth:
                    resource_owners:
                        google: "/login/check-google"
                    default_target_path: /
                    login_path: /
                    failure_path: /login
                    oauth_user_provider:
                        service: app.oauth_user_provider
                remember_me:
                    secret: "%env(APP_SECRET)%"
                    lifetime: 2592000
                    path:  /
                guard:
                    authenticators:
                        - App\Security\LoginFormAuthenticator
                    entry_point: App\Security\LoginFormAuthenticator
                logout:
                    path: /logout
                    target: /
                switch_user: ~

Upvotes: 5

Views: 14870
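
An added example, not part of the question or any answer: with remember_me enabled as in the config above, a remember-me cookie that survives logout re-authenticates the user on the next request, so one thing to rule out is whether the /logout response really expires it on the path it was issued for. The sketch below checks captured Set-Cookie headers; the function names and the sample headers are constructed, and the cookie name REMEMBERME assumes Symfony's default because the config sets no name.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie


def is_deletion(morsel, issued_path, now):
    """True if this Set-Cookie expires the cookie on the path it was issued for."""
    # A Set-Cookie without a path on the /logout response defaults to "/".
    if (morsel["path"] or "/") != issued_path:
        return False  # other path: the browser keeps the original cookie
    if morsel["max-age"] != "":
        return int(morsel["max-age"]) <= 0
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"]) <= now
    return False  # no expiry attribute: the value was only overwritten


def surviving_cookies(set_cookie_headers, issued, now=None):
    """Names in `issued` (name -> path) that the logout response fails to expire."""
    now = now or datetime.now(timezone.utc)
    cleared = set()
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name in issued and is_deletion(morsel, issued[name], now):
                cleared.add(name)
    return sorted(set(issued) - cleared)


# Assumption: default cookie name REMEMBERME; `path: /` comes from the question's config.
ISSUED = {"REMEMBERME": "/"}

# Constructed Set-Cookie headers for three possible /logout responses.
GOOD = ["REMEMBERME=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly"]
WRONG_PATH = ["REMEMBERME=deleted; Max-Age=0; path=/logout; httponly"]
NOT_TOUCHED = ["PHPSESSID=constructed0session0id; path=/; httponly"]

if __name__ == "__main__":
    for label, headers in [("good", GOOD), ("wrong path", WRONG_PATH), ("not touched", NOT_TOUCHED)]:
        print(label, "->", surviving_cookies(headers, ISSUED) or "remember-me cookie expired")
```

Feed it the Set-Cookie headers seen on the /logout response in the browser's network tab; an empty result means the remember-me cookie was expired correctly and the cause lies elsewhere.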

Answers (4)

androidmj

Reputation: 69

Check your routes with php bin/console debug:router.

For me, the security_logout created in the security controller was being called first. I simply removed the function from the security controller and it worked (remove the annotation too).

Upvotes: 0

tlarson

Reputation: 473

See my answer to the same problem here

I'll repeat what worked for me:

If you follow the instructions at Symfony Security Logging Out, make sure you use the proper route name to get to /logout. I had to use 'app_logout' to actually get it to logout and I was not able to change that path name in the Security.yaml file without also modifying the controller annotations (see below). No controller needed. No custom handler needed (thank god).

After you configure logout, try running php bin/console debug:router to check the actual route to /logout.

The logout part of my Security.yaml looked like this:

    logout:
        path: app_logout
        # where to redirect after logout
        target: front

Based on instructions, I added an empty controller (if you want custom path names, you'll have to change the path names here plus add the change to Security.yaml):

    <?php

    // App/Controller/SecurityController.php

    namespace App\Controller;

    use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
    use Symfony\Component\Routing\Annotation\Route;

    class SecurityController extends AbstractController
    {
        /**
         * @Route("/logout", name="app_logout")
         */
        public function logout()
        {
            throw new \Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
        }
    }

My call looked like this:

    <a class="nav-link" href="{{ path('app_logout') }}">Logout</a>

Upvotes: 0

viveka

Reputation: 193

Add these commands

In security.yaml

    logout:
        path:   /logout
        target: /
        invalidate_session: true

In controller

    /**
     * @Route("/logout", name="logout")
     */
    public function logout()
    {

    }

In logout button

    <a class="text-muted" href="{{ path('logout') }}">logout </a>

Upvotes: 6

user9451958

Reputation: 26

Check the serialize and unserialize methods for field $this->email in App\Entity\User.

Upvotes: 1
