author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-05-14 16:41:07 +0200 |
---|---|---|
committer | Johannes Schmitt <schmittjoh@gmail.com> | 2011-05-14 16:41:18 +0200 |
commit | abcfb6cc50b5d8bfa766c2ad344df296d4a704e0 (patch) | |
tree | 09fb6ee1e922c8e283d3bf69f2a1b397be9ed7d8 | |
parent | 1f646e86a8e3f4667906510041d5426931f75a6f (diff) | |
[Security/Http] better error message when session times out, or cookies are disabled
-rw-r--r-- | Core/Exception/SessionUnavailableException.php | 27 | ||||
-rw-r--r-- | Http/Firewall/AbstractAuthenticationListener.php | 9 |
2 files changed, 36 insertions, 0 deletions
diff --git a/Core/Exception/SessionUnavailableException.php b/Core/Exception/SessionUnavailableException.php
new file mode 100644
index 0000000..a00c897
--- /dev/null
+++ b/Core/Exception/SessionUnavailableException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Exception;
+
+/**
+ * This exception is thrown when no session is available.
+ *
+ * Possible reasons for this are:
+ *
+ * a) The session timed-out because the user waited too long.
+ * b) The user has disabled cookies, and a new session is started on each
+ * request.
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class SessionUnavailableException extends AuthenticationException
+{
+}
\ No newline at end of file
diff --git a/Http/Firewall/AbstractAuthenticationListener.php b/Http/Firewall/AbstractAuthenticationListener.php
index 3d438bd..2ab0cfd 100644
--- a/Http/Firewall/AbstractAuthenticationListener.php
+++ b/Http/Firewall/AbstractAuthenticationListener.php
@@ -18,6 +18,7 @@ use Symfony\Component\Security\Http\RememberMe\RememberMeServicesInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\SessionUnavailableException;
 use Symfony\Component\HttpKernel\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\Events as KernelEvents;
@@ -123,6 +124,14 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 return;
 }
+ if (!$request->hasSession()) {
+ throw new \RuntimeException('This authentication method requires a session.');
+ }
+
+ if (!$request->hasPreviousSession()) {
+ throw new SessionUnavailableException('Your session has timed-out, or you have disabled cookies.');
+ }
+
 if ($returnValue instanceof TokenInterface) {
 $this->sessionStrategy->onAuthentication($request, $returnValue); |
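Review bot: Both new session checks in the second hunk of AbstractAuthenticationListener.php sit after the early `return;` guard, so whatever produced `$returnValue` has already run by the time a request without a usable session is rejected. That assignment is outside the hunk; if it is the credential check, a client that sends no session cookie still has its credentials evaluated before the precondition fails, and moving the two `if` blocks above that call would reject such requests first. The `\RuntimeException` is not an `AuthenticationException`, so it reaches the listener's failure handling only if the enclosing code, which is not shown, catches it. A comment such as `// misconfiguration, not a user error: deliberately not an AuthenticationException` would record that intent. The `hasPreviousSession()` check is unconditional, so a first request that posts credentials without a prior session cookie is always refused; worth confirming that no supported login flow depends on that.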