php symfony logout

Symfony PHP Logout not working


I have a logout function that worked in another project but for some reason doesn't work in the project I am currently working on. It looks like it just refreshes the page. I checked the official documentation of Symfony https://symfony.com/doc/current/security.html but to no avail. Hope you guys can help me.

Updated: Security.yml:

# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
    providers:
        # Users are declared inline in this file (in-memory provider).
        in_memory:
            memory:
                users:
                    beheerder:
                        # NOTE(review): clear-text password kept in the config file, and
                        # therefore in version control. Together with the `plaintext`
                        # encoder below it is compared as-is. Outside a local test setup,
                        # store a hash (e.g. generated with
                        # `bin/console security:encode-password`) and use a hashing encoder.
                        password: admin
                        roles: 'ROLE_BEHEERDER'

    access_control:
        # Requires ROLE_BEHEERDER for matching paths. The pattern is a regular
        # expression anchored only at the start; "/*" means "zero or more slashes",
        # so every path that begins with /beheerder is covered.
        - { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }

    encoders:
        # NOTE(review): `plaintext` does no hashing at all; see the note on the
        # password above.
        Symfony\Component\Security\Core\User\User: plaintext


    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            # Unauthenticated visitors pass this firewall as anonymous users;
            # access_control above decides which paths need a role.
            anonymous: 
            # activate different ways to authenticate

            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            # NOTE(review): with HTTP Basic the browser sends the user name and
            # password on every request. Two consequences:
            #   - the `logout` section below cannot end the login: the request that
            #     follows the logout carries the credentials again and the user is
            #     authenticated anew (the Symfony docs on logging out say the same);
            #   - the credentials are only encoded, not encrypted, so the site should
            #     be reachable over HTTPS only.
            http_basic: ~

            # https://symfony.com/doc/current/security/form_login_setup.html
            #form_login: ~
            logout:
                # `path` is the name of the /logout route declared in
                # DefaultController; `target` is where the user is sent afterwards.
                path: security_logout
                target: /

Controller:

<?php

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;


class DefaultController extends Controller
{
    /**
     * Home page. A user holding ROLE_BEHEERDER is redirected to the
     * administrator landing page; everybody else gets the public index.
     *
     * @Route("/", name="homepage")
     *
     * @param Request                       $request              current request (not read here)
     * @param AuthorizationCheckerInterface $authorizationChecker used for the role check
     *
     * @return Response
     */
    public function indexAction(Request $request, AuthorizationCheckerInterface $authorizationChecker)
    {
        $isAdministrator = $authorizationChecker->isGranted(
            new Expression('"ROLE_BEHEERDER" in roles')
        );

        // Guard clause: anyone without the administrator role stays on the public page.
        if (!$isAdministrator) {
            return $this->render('default/index.html.twig');
        }

        return $this->redirectToRoute('beheerder');
    }

    /**
     * Administrator landing page.
     *
     * This action performs no authorization check of its own; access is
     * restricted by the access_control rule for ^/beheerder in security.yml.
     * Removing or loosening that rule exposes this page.
     *
     * @Route("/beheerder", name="beheerder")
     *
     * @param Request $request current request (not read here)
     *
     * @return Response
     */
    public function beheerder(Request $request)
    {
        $html = $this->renderView('beheerder/index.html.twig');

        return new Response($html);
    }

    /**
     * Renders the logout page with a 401 status.
     *
     * NOTE(review): security.yml names this route as the logout path of the
     * main firewall, so the firewall's own logout handling is expected to act
     * on requests to /logout; confirm whether this body is reached at all.
     * NOTE(review): the firewall authenticates with http_basic. The browser
     * keeps sending the credentials with every request, so neither this
     * response nor the cookie reset in logout.html.twig ends the login. A
     * working logout needs a different authentication method.
     *
     * @Route("/logout", name="security_logout")
     *
     * @param Request $request current request (not read here)
     *
     * @return Response
     */
    public function logoutAction(Request $request)
    {
        $html = $this->renderView('logout.html.twig');

        return new Response($html, Response::HTTP_UNAUTHORIZED);
    }
}

Logout Twig:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <title>{% block title %}Overzicht{% endblock %}</title>
        <link rel="icon" type="image/x-icon" href="{{ asset('favicon.ico') }}" />
    </head>
    <body>
        <p>Redirecting back....</p>
        {# Rendered by DefaultController::logoutAction, which sends it with status 401. #}
        {# NOTE(review): expiring PHPSESSID from script only has an effect when the
           session cookie is writable by script; if it is flagged HttpOnly the
           assignment below does nothing (TODO confirm framework.session.cookie_httponly).
           Either way the firewall uses http_basic, so the browser sends the
           credentials again on the redirect and the user is authenticated anew. #}
        {# NOTE(review): url('homepage') is printed inside a JavaScript string. The
           value comes from the route definition here, but output placed in script
           context should normally use the js escaping strategy, e.g. |e('js'). #}
        <script>
            document.cookie = 'PHPSESSID=; Path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
            window.location.href = '{{ url('homepage') }}';
        </script>
    </body>
</html>

EDIT: I am using Symfony 3.4. When I go to the page /logout, it looks like it just refreshes the page. I can see that the request reaches the logout function, but the user is not logged out.


Solution

  • From the Symfony security docs: https://symfony.com/doc/3.4/security.html#logging-out

    Notice that when using http-basic authenticated firewalls, there is no real way to log out : the only way to log out is to have the browser stop sending your name and password on every request. Clearing your browser cache or restarting your browser usually helps. Some web developer tools might be helpful here too.

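    You are using http-basic, so clearing the cookie won't work: the browser sends the user name and password again with the next request, and the firewall authenticates the user anew even though the session is gone. If you want to use that logout code, you need to stop using http-basic and implement a different authentication method (for example the form_login option that is commented out in your security.yml).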