From 1cb9a74057c8cbd5ffc26ba6bf042e29187244fe Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 6 Jul 2012 15:59:17 +0200 Subject: [PATCH] [Security] fixed automatic registration of the response listener when creating the listener This is not a problem with Symfony, but when using the component standalone (Silex for instance), the context listener might be instantiated even if the firewall does not need to be fired. In that case, the handle() method is not called, but the response listener is called, which means that en empty token is stored in the session. For Silex, it means that when authenticated, if you visit a 404 page, you would be disconnected automatically. --- .../Security/Http/Firewall/ContextListener.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php index 423ccb272e..bb1e3089ea 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php @@ -37,6 +37,7 @@ class ContextListener implements ListenerInterface private $contextKey; private $logger; private $userProviders; + private $dispatcher; public function __construct(SecurityContextInterface $context, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { @@ -54,10 +55,7 @@ class ContextListener implements ListenerInterface $this->userProviders = $userProviders; $this->contextKey = $contextKey; $this->logger = $logger; - - if (null !== $dispatcher) { - $dispatcher->addListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse')); - } + $this->dispatcher = $dispatcher; } /** @@ -67,6 +65,10 @@ class ContextListener implements ListenerInterface */ public function handle(GetResponseEvent $event) { + if (null !== $this->dispatcher && HttpKernelInterface::MASTER_REQUEST === $event->getRequestType()) { + $this->dispatcher->addListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse')); + } + $request = $event->getRequest(); $session = $request->hasPreviousSession() ? $request->getSession() : null;