diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2011-11-07 23:19:37 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2011-11-07 23:19:37 +0100 |
| commit | 8111c97f9d6d24844ecdb65b8e2854e863470eed (patch) | |
| tree | cab1500ca12bec0956622e886ccedf1e5ab2eb10 | |
| parent | 7756322a47567b001e84c884af89a93a748cc858 (diff) | |
| parent | 94c93a43d841b5d9dfcdce4f88e7a6bc64f32c68 (diff) | |
| download | symfony-security-8111c97f9d6d24844ecdb65b8e2854e863470eed.zip symfony-security-8111c97f9d6d24844ecdb65b8e2854e863470eed.tar.gz symfony-security-8111c97f9d6d24844ecdb65b8e2854e863470eed.tar.bz2 | |
merged branch dpb587/patch-sectok (PR #2414)
Commits
-------
ab9caa0 [Security] Check for request's session before attempting writes.
dabff0e [Security] Support removing tokens from a session.
Discussion
----------
[Security] Support removing tokens from a session.
Currently there is no way to remove a session's security token without invalidating the entire session and all its data (the ContextListener will only update the session if a token is non-null and non-anonymous). This patch fixes that.
I consider this a bug and I found no tests to prove otherwise. Let me know if I'm mistaken. Originally mentioned at https://groups.google.com/d/topic/symfony-devs/ojLvh0WUbfo/discussion
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
---------------------------------------------------------------------------
by ms937 at 2011/10/24 05:19:21 -0700
This change looks good to me. In fact I'm using similar patch in my app and it works as intended. Also, several other people requested this on the mailing list. Could someone from Symfony team merge this? Thanks.
| -rw-r--r-- | Http/Firewall/ContextListener.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/Http/Firewall/ContextListener.php b/Http/Firewall/ContextListener.php index 6fb77e9..5f94e43 100644 --- a/Http/Firewall/ContextListener.php +++ b/Http/Firewall/ContextListener.php @@ -93,19 +93,19 @@ class ContextListener implements ListenerInterface return; } - if (null === $token = $this->context->getToken()) { - return; + if (null !== $this->logger) { + $this->logger->debug('Write SecurityContext in the session'); } - if (null === $token || $token instanceof AnonymousToken) { + if (null === $session = $event->getRequest()->getSession()) { return; } - if (null !== $this->logger) { - $this->logger->debug('Write SecurityContext in the session'); + if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) { + $session->remove('_security_'.$this->contextKey); + } else { + $session->set('_security_'.$this->contextKey, serialize($token)); } - - $event->getRequest()->getSession()->set('_security_'.$this->contextKey, serialize($token)); } /** |