Reputation: 2032
Symfony 2: changing user in database does not cause logout
I've followed this tutorial:
http://symfony.com/doc/current/book/security.html
using a custom User implements UserInterface class, however I've found that adjusting the password in the database (say the user changed it else on the bases they think it was comprimised), I've found that the class/Symfony simply updates the login. Only if the username is changed is the user logged out. Anyway to alter this behaviour?
Upvotes: 4
Views: 782
Answers (2)
Reputation: 70466
Using cookie based session there is no way to do this because session is stored on users computer.
You have to switch to databased sessions. So you can identify open sessions and delete them to deauthenticate users.
Upvotes: 0
Reputation: 18143
Did not understand your question. if your question is how close the user session when you change any value? can implement a routine in your action userUpdate verify that there are changes with your username and according to what you need you can restart the session or close it if that's what you want
Upvotes: 0
Related Questions
- Symfony User Logout After Role Change
- Symfony 6.0 - Force logout user in controller
- Symfony PHP Logout not working
- How can one force logout a user in Symfony?
- Symfony 4: Logout active user by admin
- Can't Logout user in Symfony4
- symfony2 logout
- How to logout a user in Symfony2
- Symfony 2 Logout
- Symfony2 logout issue