This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use Stack Overflow.

Login out with http_basic authentication

Discuss Symfony 2 bundles here

Login out with http_basic authentication

by ViC2 » Thu Oct 30, 2014 7:33 pm

My security.yml file:
Code: Select all

security
:
    firewalls:
        secured_area:
            pattern:   ^/
            anonymous: ~
            logout:
                path: /logout
                target
: /
            http_basic:
                realm: "Secured Demo Area"

    access_control:
        - { path: ^/path/, roles: ROLE_ADMIN }

    providers:
        in_memory:
            memory:
                users:
                    user:  { password: user, roles: 'ROLE_USER' }
                    admin: { password: admin, roles: 'ROLE_ADMIN' }

    encoders:
        SymfonyComponentSecurityCoreUserUser: plaintext


Part of my routing.yml file:
Code: Select all

logout
:
    path: /logout


When I go to the /logout path I get this error:
ContextErrorException: Warning: SessionHandler::write(): Parent session handler is not open in C:\wamp\www\emgef\app\cache\dev\classes.php line 3520

Now, if I return to the index page (/ path) I can see that the user who previously logged in, is no longer authenticated, BUT if I returned to the secured path (/path/) then the bottom dev bar shows that the user is still authenticated and of course the application behave in correspondence with that.

My specific questions are:
1. Why the path /logout give me an error.
2. How can I logout an user authenticated with the http_basic method.

Thank you in advance.
Do you realize that the sun doesn't go down? It's just an illusion caused by the world spinning round...
User avatar
ViC2
Junior Member
 
Posts: 7
Joined: Mon Jul 14, 2014 7:31 pm
Location: Matanzas Bay

Re: Login out with http_basic authentication

by mickburkesnr » Fri Oct 31, 2014 5:01 pm

I had this problem when I first started with Symfony2, and the answer was to use a HTML form instead of the browsers HTTP authentication.

The problem boils down to the browser caching the authentication. So when you go to log out you would, really, have to clear the browser cache to achieve that. You can also set it to expire, but you wouldn't be able to let the user log out.

I would seriously advise you use a HTML login form instead.
mickburkesnr
Member
 
Posts: 78
Joined: Mon Aug 22, 2011 12:33 pm
Location: Birmingham, UK