Clear session cookie if user was deleted, is disabled or locked to prevent infinite redirect loops to the login path (fixes #1798).

H. Westphal 2011-10-31 21:27:23 +01:00
parent 9dbe782d4f
commit 348bccbbca


@ -16,6 +16,7 @@ use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
use Symfony\Component\Security\Core\Exception\AccountStatusException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException;
@ -158,7 +159,15 @@ class ExceptionListener
$this->setTargetPath($request);
return $this->authenticationEntryPoint->start($request, $authException);
$response = $this->authenticationEntryPoint->start($request, $authException);
if ($authException instanceof AccountStatusException && $response instanceof Response) {
// clear the session cookie to prevent infinite redirect loops
$cookieParams = session_get_cookie_params();
$response->headers->clearCookie(session_name(), $cookieParams['path'], $cookieParams['domain']);
}
return $response;
}
protected function setTargetPath(Request $request)
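Review bot: Expiring the cookie inside `if ($authException instanceof AccountStatusException && $response instanceof Response)` only asks the browser to forget the session id; nothing in the visible lines invalidates the session or the security token on the server, so for a deleted, disabled or locked account the server-side state appears to outlive the lockout. I would end the session server-side in the same branch, for example `if ($request->hasSession()) { $request->getSession()->invalidate(); }`, or clear the token on the security context, and keep the cookie removal as a convenience for the client. The cookie name, path and domain come from PHP's native `session_name()` and `session_get_cookie_params()`, so a comment such as `// assumes the native PHP session cookie; a custom session storage may use a different name or path` would help. It is also worth confirming that `Response` is imported in this file: the visible part of the import block shows no `use` line for it, and an unresolved short name would make the `instanceof` silently false. The enclosing method starts above this hunk.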