/**
* Clears the session variable namespace used by the Users module.
*
* Triggered by the 'user.logout.succeeded' and 'frontcontroller.exception' events.
*
* This is to ensure no leakage of authentication information across sessions or between critical
* errors. This prevents, for example, the login process from becoming confused about its state
* if it detects session variables containing authentication information which might make it think
* that a re-attempt is in progress.
*
* @param GenericEvent $event The event that triggered this handler.
*
* @return void
*/
public static function clearUsersNamespaceListener(GenericEvent $event)
{
$eventName = $event->getName();
$modinfo = $event->hasArg('modinfo') ? $event->getArg('modinfo') : array();
$doClear = $eventName == 'user.logout.succeeded' || $eventName == 'frontcontroller.exception' && isset($modinfo) && is_array($modinfo) && !empty($modinfo) && !isset($modinfo['name']) && $modinfo['name'] == self::$modname;
if ($doClear) {
$container = ServiceUtil::getManager();
$session = $container->get('session');
$session->clearNamespace('Zikula_Users');
//Do not setNotified. Not handling the exception, just reacting to it.
}
}
