Geek Answers Handbook

Symfony2 - login and registration access for anonymous users

I have this site with a login form, and after I successfully logged in, I was redirected to the index. But when I click the back button, it allows me to view the login form, which is not good. I want only the login form to be available only to anonymous viewers, and not to users who are already logged in. Is there an easy way to do this in symfony2? thanks

Here is my safety .:

jms_security_extra: secure_all_services: false expressions: true security: encoders: Mata\UserBundle\Entity\User: algorithm: sha1 encode_as_base64: false iterations: 1 role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] providers: user_db: entity: { class: MataUserBundle:User, property: username } firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: check_path: /login_check login_path: /login logout: path: /logout target: / access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/, roles: ROLE_USER }
+6
source share
1 answer

It may not be the best or right way to do this, but it was the only way to understand it.

In my loginAction method, I do this (see the $ protected variable). If the user session is authenticated, I redirect it to the homepage / index. I do not know how to do this using the firewall configuration, because I do not believe that a firewall will be installed on the login page.

 /** * @Route("/login", name="login") * @Template() */ public function loginAction() { $request = $this->getRequest(); $session = $request->getSession(); // if the session is secured (user is logged in) // then $secured will be an object with various user information. $secured = unserialize($session->get('_security_secured')); if ($secured) { return $this->redirect($this->generateUrl('home')); } // get the login error if there is one if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) { $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR); } else { $error = $session->get(SecurityContext::AUTHENTICATION_ERROR); } return array( 'last_username' => $session->get(SecurityContext::LAST_USERNAME), 'error' => $error, 'embed' => $request->isXmlHttpRequest() ); }
+5
source

More articles:


All Articles