From f2bfba1b11a63b7259cd42908c98c8848cc6855e Mon Sep 17 00:00:00 2001 From: Thomas Landauer Date: Fri, 27 Mar 2020 11:37:19 +0100 Subject: [PATCH 1/2] Explaining default logout path The existing code sample `path: app_logout` is wrong, since you don't have to pass the route's *name*, but rather its `path` (i.e. `/logout`)! Please double-check the XML and PHP config - I merely guessed those. Thanks to https://github.com/symfony/symfony-docs/pull/13424#pullrequestreview-382660747 --- security.rst | 73 ++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 62 insertions(+), 11 deletions(-) diff --git a/security.rst b/security.rst index 5aa5000b9cb..e16b6dcd582 100644 --- a/security.rst +++ b/security.rst @@ -768,6 +768,60 @@ Logging Out To enable logging out, activate the ``logout`` config parameter under your firewall: +.. configuration-block:: + + .. code-block:: yaml + + # config/packages/security.yaml + security: + # ... + + firewalls: + main: + # ... + logout: ~ + + .. code-block:: xml + + + + + + + + + + + + + + + + .. code-block:: php + + // config/packages/security.php + $container->loadFromExtension('security', [ + // ... + + 'firewalls' => [ + 'secured_area' => [ + // ... + 'logout' => [], + ], + ], + ]); + + +And that's it! By sending a user to ``/logout``, Symfony will un-authenticate +the current user. + +If you want to change the path from the default ``/logout`` to a custom url, +you need to set the `path` option *and* setup a matching route like this: + .. configuration-block:: .. code-block:: yaml @@ -780,7 +834,7 @@ To enable logging out, activate the ``logout`` config parameter under your fire main: # ... logout: - path: app_logout + path: /my-logout # where to redirect after logout # target: app_any_route @@ -800,7 +854,7 @@ To enable logging out, activate the ``logout`` config parameter under your fire - + @@ -814,12 +868,12 @@ To enable logging out, activate the ``logout`` config parameter under your fire 'firewalls' => [ 'secured_area' => [ // ... - 'logout' => ['path' => 'app_logout'], + 'logout' => ['path' => '/my-logout'], ], ], ]); -Next, you'll need to create a route for this URL (but not a controller): +Now you need to create a route for this URL (but not a controller): .. configuration-block:: @@ -834,7 +888,7 @@ Next, you'll need to create a route for this URL (but not a controller): class SecurityController extends AbstractController { /** - * @Route("/logout", name="app_logout", methods={"GET"}) + * @Route("/my-logout", name="app_logout", methods={"GET"}) */ public function logout() { @@ -847,7 +901,7 @@ Next, you'll need to create a route for this URL (but not a controller): # config/routes.yaml app_logout: - path: /logout + path: /my-logout methods: GET .. code-block:: xml @@ -859,7 +913,7 @@ Next, you'll need to create a route for this URL (but not a controller): xsi:schemaLocation="http://symfony.com/schema/routing https://symfony.com/schema/routing/routing-1.0.xsd"> - + .. code-block:: php @@ -868,14 +922,11 @@ Next, you'll need to create a route for this URL (but not a controller): use Symfony\Component\Routing\Loader\Configurator\RoutingConfigurator; return function (RoutingConfigurator $routes) { - $routes->add('logout', '/logout') + $routes->add('app_logout', '/my-logout') ->methods(['GET']) ; }; -And that's it! By sending a user to the ``app_logout`` route (i.e. to ``/logout``) -Symfony will un-authenticate the current user and redirect them. - .. tip:: Need more control of what happens after logout? Add a ``success_handler`` key From 5bb83b586cdbf001f2245bcaf7289222180c92a7 Mon Sep 17 00:00:00 2001 From: Thomas Landauer Date: Fri, 27 Mar 2020 11:46:52 +0100 Subject: [PATCH 2/2] Update security.rst Fixing https://github.com/symfony/symfony-docs/runs/539092019 --- security.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security.rst b/security.rst index e16b6dcd582..63a9025f43c 100644 --- a/security.rst +++ b/security.rst @@ -796,7 +796,7 @@ To enable logging out, activate the ``logout`` config parameter under your fire - +