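/**
 * Clears the session variable namespace used by the Users module.
 *
 * Triggered by the 'user.logout.succeeded' and 'frontcontroller.exception' events.
 *
 * This ensures that authentication information does not leak across sessions or survive a
 * critical error. It prevents, for example, the login process from becoming confused about its
 * state if it finds session variables containing authentication information and concludes that
 * a re-attempt is in progress.
 *
 * The namespace is cleared unconditionally on 'user.logout.succeeded'. On
 * 'frontcontroller.exception' it is cleared only when the event carries a 'modinfo' array whose
 * 'name' entry matches self::$modname.
 *
 * Only the 'Zikula_Users' namespace is cleared here. This handler does not invalidate the
 * session or regenerate its identifier.
 *
 * @param GenericEvent $event The event that triggered this handler.
 *
 * @return void
 */
public static function clearUsersNamespaceListener(GenericEvent $event)
{
    $eventName = $event->getName();
    $modinfo = $event->hasArg('modinfo') ? $event->getArg('modinfo') : array();

    // A successful logout always clears the namespace.
    $isLogout = $eventName === 'user.logout.succeeded';

    // The 'name' key has to exist before it is compared. Requiring it to be absent (the
    // previous !isset() check) made this branch unreachable for any real module name, so the
    // authentication state was left in the session after an exception.
    // Loose comparison is kept on the module name because the type of self::$modname is
    // declared outside this block.
    $isOwnException = $eventName === 'frontcontroller.exception'
        && is_array($modinfo)
        && isset($modinfo['name'])
        && $modinfo['name'] == self::$modname;

    if ($isLogout || $isOwnException) {
        $container = ServiceUtil::getManager();
        $session = $container->get('session');
        $session->clearNamespace('Zikula_Users');
        // Do not setNotified. Not handling the exception, just reacting to it.
    }
}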