2
votes

I have created a loginsuccesshandler.php and am checking if the user is !enabled like this

  public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {

            $user = $token->getUser();
            if(!$user->isEnabled())
            {//do not pass go

                $request->getSession()->invalidate();
                $this->security->setToken(null);
               //$token->setToken(null);
                return new RedirectResponse($this->router->generate('account_disabled'));
            }

This line

 $request->getSession()->invalidate();

is causing the following error:

Warning: SessionHandler::write(): Parent session handler is not open in /var/www...

But I cant remove it because if the user clicks the remember me checkbox, they will still be logged in.

I had the same problem with FOS logging out, but I added this to the config

    logout:
        invalidate_session: false
1
if you use fos anyway ... why not using their build in features (login, logout, resetPassword, double opt in ...) and just styles them to your needs ? The FOS Login considers the enabled flag of the user - nixoschu

1 Answers

4
votes

You're doing it wrong. Symfony has already built-in mechanism to achieve that:

  1. Implement AdvancedUserInterface for your User class.
  2. ...and that's it. For more, read http://symfony.com/doc/current/cookbook/security/entity_provider.html#forbid-inactive-users