0 votes

I'm updating a project built with Symfony 2.7 to Symfony 4. Everything is working fine and has good compatibility, but one thing that should be fine, a built-in resource, the security layer, doesn't work as expected.

The problem I'm facing is that I can't logout users anymore. I followed the steps on the guide but nothing changed.

Below is the security config:

#config/packages/security.yaml
security:
    encoders:
        App\Entity\Clients:
            algorithm: bcrypt

    providers:
        app_user_provider:
            entity:
                class: App\Entity\Clients
    firewalls:    
        app:
            pattern: ^/
            anonymous: ~
            provider: app_user_provider
            remember_me:
                secret: "%kernel.secret%"
            form_login:
                use_referer: true
                login_path: login
                check_path: login_check
                always_use_default_target_path: false
                default_target_path: dashboard
                csrf_token_generator: security.csrf.token_manager
            logout:
                path: logout
                target: home
                invalidate_session: false

The paths I'm using are route names, but also tried the path itself.

I can log in any user normally, but when I hit the logout route I'm just redirected to the home route and the user is still authenticated.

Tried to set a custom logout handler like:

logout:
    handlers: [logout_handler]

It references a service implementing Symfony\Component\Security\Http\Logout\LogoutHandlerInterface, but the handler wasn't even called.

It would be great if I could just use the default handler, and it's necessary to maintain the "remember_me" behavior, which was also working fine in 2.7.

Could anyone help me with that?

EDIT: My config/routes.yaml is empty, 'cause I'm using annotation routes; config/packages/routing.yaml is as follows:

framework:
    router:
        strict_requirements: ~

Just like when initialized with the composer create-project command. For the annotations config I have the file config/routes/annotations.yaml:

controllers:
    resource: ../../src/Controller/
    type: annotation

Again, it's the config the recipe created by itself.

3
Can you show your config/routes.yaml? Do you have an action in some controller for the logout route? (2kai)

I posted some additions to the question. Yes, I have an action for logout; as it's a route name, it needs to be defined, so I created an action, just as it worked in the other version of the framework, but it's empty, just defining the route with an action. (Gustavo Miguel)

3 Answers

1 vote

You need to remove the logout action in your controller, then add the route to config/routes.yaml.

More info here.
https://symfony.com/doc/current/security.html#logging-out

0 votes

I achieved the result of logging out by removing the REMEMBERME cookie with a LogoutSuccessHandler (reference).

I think of this as an ugly workaround, but the result was satisfactory, as everything worked fine. But I still don't know why it didn't work automatically with the configs, or why I couldn't use a custom logout handler. If anyone comes up with a better answer, I can mark it as the accepted answer.
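The workaround described in this answer, written out as an added example (not the answerer's code): a Symfony 4 LogoutSuccessHandler that redirects to the post-logout target and expires the remember-me cookie in the same response. The remember-me cookie is a long-lived credential, so if it survives logout the next request re-authenticates the user silently; clearing it is what makes logout effective for remember-me sessions. The class name, the `home` target route and the default cookie name `REMEMBERME` (the remember_me `name` default) are assumptions taken from the question's config.

```php
<?php
// src/Security/RememberMeClearingLogoutSuccessHandler.php
// Added example, not code from the question or answers.
// Assumes: remember_me uses its default cookie name "REMEMBERME", the cookie
// was set for path "/" on the current host, and "home" is the route to land
// on after logout (as in the question's security.yaml).

namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

final class RememberMeClearingLogoutSuccessHandler implements LogoutSuccessHandlerInterface
{
    // Default cookie name of the remember_me listener (assumption: not overridden via "name").
    private const REMEMBER_ME_COOKIE = 'REMEMBERME';

    private $urlGenerator;
    private $targetRoute;

    // $targetRoute has a default so the service autowires without extra config.
    public function __construct(UrlGeneratorInterface $urlGenerator, string $targetRoute = 'home')
    {
        $this->urlGenerator = $urlGenerator;
        $this->targetRoute = $targetRoute;
    }

    public function onLogoutSuccess(Request $request): Response
    {
        // Redirect exactly as the default handler would with "target: home".
        $response = new RedirectResponse($this->urlGenerator->generate($this->targetRoute));

        // Expire the remember-me cookie. Path and domain must match the ones the
        // cookie was originally set with, otherwise the browser keeps the old one.
        $response->headers->clearCookie(self::REMEMBER_ME_COOKIE, '/', null);

        return $response;
    }
}

/*
 * Wiring (config/packages/security.yaml, logout section of the "app" firewall):
 *
 *     logout:
 *         path: logout
 *         success_handler: App\Security\RememberMeClearingLogoutSuccessHandler
 *
 * Note that "target" is ignored once success_handler is set, because this class
 * replaces Symfony's DefaultLogoutSuccessHandler, which is what honours it.
 */
```

To check that the handler actually takes effect, hit the logout route with the browser's network panel open: the redirect response should carry a Set-Cookie header for REMEMBERME with an expiry in the past, and the following request to the home route should no longer send the cookie or be authenticated.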

0 votes

If you follow the instructions at Symfony Security Logging Out, make sure you use the proper route name to get to /logout. I had to use 'app_logout' to actually get it to log out, and I was not able to change that path name in the Security.yaml file without also modifying the controller annotations (see below). No controller needed. No custom handler needed (thank god).

After you configure logout, try running php bin/console debug:router to check the actual route to /logout.

The logout part of my Security.yaml looked like this:

logout:
    path: app_logout
    # where to redirect after logout
    target: front

Based on the instructions, I added an empty controller (if you want custom path names, you'll have to change them here plus add the change to Security.yaml):

<?php

//App/Controller/SecurityController.php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
// Needed so the @Route annotation below is resolved by the annotation loader.
use Symfony\Component\Routing\Annotation\Route;

class SecurityController extends AbstractController
{
    /**
     * The route only has to exist; the firewall's "logout" listener handles
     * the request before this action is ever reached.
     *
     * @Route("/logout", name="app_logout")
     */
    public function logout()
    {
        throw new \Exception('This method can be blank - it will be intercepted by the logout key on your firewall');
    }
}

My call looked like this:

<a class="nav-link" href="{{ path('app_logout') }}">Logout</a>