/**
 * Turns an access-denied HTTP exception into a forced logout followed by a
 * redirect to the login route. Any other exception is left untouched.
 *
 * @param GetResponseForExceptionEvent $event
 */
public function onAccessDeniedException(GetResponseForExceptionEvent $event)
{
    if (!($event->getException() instanceof AccessDeniedHttpException)) {
        return;
    }

    // invalidate() runs before set(), so the error message is written after
    // the previous session contents have been discarded.
    $this->session->invalidate();
    $this->session->set(
        SecurityContextInterface::ACCESS_DENIED_ERROR,
        ['message' => 'You are not allowed']
    );

    // Clear the security token as well, so no authenticated token remains
    // alongside the invalidated session.
    $this->securityContext->setToken(null);

    $loginUrl = $this->router->generate('oro_distribution_security_login');
    $event->setResponse(new RedirectResponse($loginUrl));
}
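/**
 * Logs the current user out.
 *
 * @param boolean $destroy true to invalidate the whole session; false (default)
 *                         to remove only the user keys and keep other session data
 *
 * @return boolean the negation of isLogin() after the session has been changed
 */
public function logout($destroy = false)
{
    if ($destroy === true) {
        $this->session->invalidate();
    } else {
        $this->session->remove(self::USER_ID);
        $this->session->remove(self::USER_NAME);
        $this->session->remove(self::USER_GROUPS);

        // Regenerate the id AND delete the old session record. With a bare
        // migrate() the record stored under the previous id is kept, so a
        // copy of the old id could still map to the pre-logout user data.
        // NOTE(review): assumes a Symfony-style session whose migrate() takes
        // $destroy as its first argument - confirm for this session class.
        $this->session->migrate(true);
    }

    return !$this->isLogin();
}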
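/**
 * Compares the request's IP address and user agent with the values stored in
 * the session and invalidates the session when an enabled check fails.
 *
 * When nothing fails, values that are not stored yet are recorded from the
 * current request so later requests can be compared against them.
 *
 * @param \Symfony\Component\HttpFoundation\Session\Session $session
 */
public function handleSessionValidation(SymfonySession $session)
{
    // NOTE(review): getClientIp() presumably honours forwarded headers only
    // for trusted proxies - confirm, since a client-controlled value here
    // would make the IP check meaningless.
    $ip_address = new IPAddress($this->request->getClientIp());
    $request_ip = $ip_address->getIp(IPAddress::FORMAT_IP_STRING);
    $request_agent = $this->request->server->get('HTTP_USER_AGENT');

    $ip = $session->get('CLIENT_REMOTE_ADDR');
    $agent = $session->get('CLIENT_HTTP_USER_AGENT');

    $invalidate = false;

    // Validate the request IP. Strict comparison: with != two different
    // numeric-looking strings can compare equal under PHP's loose rules.
    if ($this->shouldCompareIP() && $ip && $ip !== $request_ip) {
        if ($this->logger) {
            $this->logger->debug(
                'Session Invalidated. Session IP "{session}" did not match provided IP "{client}".',
                array('session' => $ip, 'client' => $request_ip)
            );
        }
        $invalidate = true;
    }

    // Validate the request user agent (same strict comparison). The header
    // is client-supplied, so this is a weak signal compared with the IP.
    if ($this->shouldCompareAgent() && $agent && $agent !== $request_agent) {
        if ($this->logger) {
            $this->logger->debug(
                'Session Invalidated. Session user agent "{session}" did not match provided agent "{client}"',
                array('session' => $agent, 'client' => $request_agent)
            );
        }
        $invalidate = true;
    }

    if ($invalidate) {
        $session->invalidate();

        return;
    }

    // First request on this session: remember the client so that later
    // requests have something to be compared with.
    if (!$ip && $request_ip) {
        $session->set('CLIENT_REMOTE_ADDR', $request_ip);
    }
    if (!$agent && $request_agent) {
        $session->set('CLIENT_HTTP_USER_AGENT', $request_agent);
    }
}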
/**
 * Perform the logout, resetting the session.
 *
 * Runs four steps in order: drop the remember-me cookie, clear the session
 * data, invalidate the session, and mark the user as logged out on this object.
 */
public function doLogout()
{
    // Helper defined outside this block; presumably removes the
    // persistent-login cookie so the browser cannot log in again on its own.
    $this->deleteRememberMeCookie();

    // Empty the session data, then invalidate the session itself.
    $this->session->clear();
    $this->session->invalidate();

    // Keep the in-memory flag consistent with the session state.
    $this->user_is_logged_in = false;
}
/**
 * Creates and starts the application session, then invalidates it when it
 * has been idle for longer than the allowed time.
 *
 * Controllers may override this, for example to redirect to a page that tells
 * the user they were logged out once an expired session is detected.
 *
 * @param int|null $session_expiration Idle timeout in seconds; when empty, the
 *                                     `session_expiration` config value is used
 *                                     (default 3600)
 */
protected function initializeSession($session_expiration = null)
{
    // The cookie lives for one week (604800 s) so the session can survive a
    // closed browser window; the idle timeout checked below still applies.
    $storage = new \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage(['cookie_lifetime' => 604800]);
    $this->session = new Session($storage);

    $this->config->load('config');

    // HttpOnly keeps the session cookie away from page scripts, which limits
    // what an XSS bug can steal. It defaults to on.
    // NOTE(review): this method sets only cookie_lifetime and cookie_httponly;
    // the Secure and SameSite cookie attributes are presumably left to
    // php.ini - confirm for HTTPS deployments.
    $session_cookie_httponly = (bool) $this->config->get('session_cookie_httponly', true);
    ini_set('session.cookie_httponly', $session_cookie_httponly);

    try {
        // Per-installation session name: a fixed prefix plus the last 10 hex
        // characters of the SHA-1 of this file's path. It only has to be
        // unique, it is not a secret.
        $this->session->setName('TSAPP' . substr(sha1(__FILE__), -10));
        $this->session->start();

        // The method argument wins over the config value; 1 hour by default.
        $max_idle = $session_expiration ?: $this->config->get('session_expiration', 3600);

        // Is this session too old?
        $idle = time() - $this->session->getMetadataBag()->getLastUsed();
        if ($idle > $max_idle) {
            $this->session->invalidate();
        }
    } catch (\LogicException $e) {
        // Session already active, can't change it now!
    }
}
/**
 * Logout endpoint: invalidates the session, clears the `login` cookie and
 * redirects to the login page.
 *
 * @Route("/wylogowanie")
 */
public function logoutAction()
{
    // NOTE(review): a new Session object is built here instead of using the
    // one attached to the request; whether invalidate() reaches the visitor's
    // active session depends on the Session implementation - confirm.
    (new Session())->invalidate();

    // An empty value makes PHP send a deletion header for the cookie. Path
    // (and domain) must match the values used when the cookie was set.
    setcookie('login', '', 0, '/');

    return $this->redirectToRoute('loginpage');
}
/**
 * Logs the user out by invalidating the session, queues a success flash
 * message and sends the user to the home page.
 */
public function logoutAction(Session $session)
{
    $session->invalidate();

    // The flash is added after invalidate(), so it is not discarded together
    // with the old session contents.
    $flashes = $session->getFlashBag();
    $flashes->add('success', "You logged out successfully");

    // Go home instead of redirecting back: going back could land on the
    // login page (logging in again and undoing the logout) or on a page
    // that requires authentication.
    return $this->goHome();
}
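/**
 * Invalidates the session when the client IP or user agent differs from the
 * values recorded in it, and records those values when none are stored yet.
 *
 * NOTE(review): despite the name, nothing here regenerates the session id;
 * the check only ties a session to the client that first used it.
 *
 * @param SymfonySession $session
 */
protected static function testSessionFixation(SymfonySession $session)
{
    // Read both request values once. Either key can be absent from $_SERVER
    // (a request without a User-Agent header, for instance); reading it
    // unguarded raised an undefined-index error in that case.
    $currentIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    $currentAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

    $ip = $session->get('CLIENT_REMOTE_ADDR');
    $agent = $session->get('CLIENT_HTTP_USER_AGENT');

    // Strict comparison: with != two different numeric-looking strings can
    // compare equal. A stored value with no current counterpart counts as a
    // mismatch, which is what the loose comparison against null did too.
    $ipChanged = $ip && $ip !== $currentIp;
    $agentChanged = $agent && $agent !== $currentAgent;
    if ($ipChanged || $agentChanged) {
        $session->invalidate();
    }

    // First use of the session: remember the client for later requests.
    if (!$ip && $currentIp !== null) {
        $session->set('CLIENT_REMOTE_ADDR', $currentIp);
    }
    if (!$agent && $currentAgent !== null) {
        $session->set('CLIENT_HTTP_USER_AGENT', $currentAgent);
    }
}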
/**
 * Applies the configured session strategy to the current session.
 *
 * A session that has not been started yet is started and the strategy is
 * not applied to it. Otherwise the session is either migrated or invalidated,
 * depending on the configured strategy.
 *
 * NOTE(review): the not-started branch returns the result of start() even
 * though the method is documented as void - confirm callers ignore it.
 *
 * @return void
 *
 * @throws \RuntimeException when the configured strategy is not a known one
 */
protected function applySessionStrategy()
{
    if (!$this->session->isStarted()) {
        return $this->session->start();
    }

    switch ($this->strategy) {
        case self::STRATEGY_MIGRATE:
            $this->session->migrate();

            return;

        case self::STRATEGY_INVALIDATES:
            $this->session->invalidate();

            return;
    }

    // Reached only when no case matched: fail loudly rather than silently
    // keeping the session unchanged.
    throw new \RuntimeException('Session strategy should be "migrate" or "invalidate"');
}
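/**
 * Invalidates the session when the client IP or user agent differs from the
 * values recorded in it, and records those values when none are stored yet.
 *
 * NOTE(review): despite the name, nothing here regenerates the session id;
 * the check only ties a session to the client that first used it.
 *
 * @param SymfonySession $session
 */
protected static function testSessionFixation(SymfonySession $session)
{
    $iph = Core::make('helper/validation/ip');
    $currentIp = $iph->getRequestIP();

    // The store step treats getRequestIP() as possibly returning false, so
    // the comparison must not call a method on it unguarded. Resolve the
    // string once; null means "no usable request IP".
    $currentIpString = is_object($currentIp)
        ? $currentIp->getIp(IPAddress::FORMAT_IP_STRING)
        : null;

    // The User-Agent header may be missing; reading $_SERVER unguarded
    // raised an undefined-index error in that case.
    $currentAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

    $ip = $session->get('CLIENT_REMOTE_ADDR');
    $agent = $session->get('CLIENT_HTTP_USER_AGENT');

    // Strict comparison: with != two different numeric-looking strings can
    // compare equal. A stored value with no current counterpart counts as a
    // mismatch, so the session is dropped rather than kept.
    $ipChanged = $ip && $ip !== $currentIpString;
    $agentChanged = $agent && $agent !== $currentAgent;
    if ($ipChanged || $agentChanged) {
        $session->invalidate();
    }

    // First use of the session: remember the client for later requests.
    if (!$ip && is_object($currentIp)) {
        $session->set('CLIENT_REMOTE_ADDR', $currentIpString);
    }
    if (!$agent && $currentAgent !== null) {
        $session->set('CLIENT_HTTP_USER_AGENT', $currentAgent);
    }
}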
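/**
 * Validates the session against the maximum idle time.
 *
 * @param Session $session
 * @return bool true while the session is within the idle limit; false once it
 *              has been invalidated for being idle too long
 */
public function checkSession(Session $session)
{
    $logger = $this->get('logger');

    $idleSeconds = time() - $session->getMetadataBag()->getLastUsed();
    if ($idleSeconds <= $this->maxIdleTime) {
        return true;
    }

    // Take the fingerprint before invalidating so the log entry refers to
    // the session that expired, not to whatever id exists afterwards.
    $expiredIdDigest = substr(hash('sha256', $session->getId()), 0, 12);

    $session->invalidate();

    // Only a short digest is logged: a raw session id is a bearer credential,
    // and anyone able to read the log could reuse it.
    $logger->error("Sessão inválida:\n" . $expiredIdDigest);

    //throw new SessionExpired(); // redirect to the session-expired page
    return false;
}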
/**
 * Destroy the user session.
 *
 * Delegates to the session's invalidate(); nothing else (cookies, tokens)
 * is touched in this method.
 */
function logout()
{
    $this->session->invalidate();
}
/**
 * {@inheritdoc}
 *
 * Starts the session through the parent before delegating to the parent's
 * invalidate().
 */
public function invalidate($lifetime = null)
{
    // NOTE(review): presumably the parent's invalidate() only takes effect on
    // an active session, hence the explicit start - confirm against the
    // parent class.
    parent::start();

    return parent::invalidate($lifetime);
}