4
votes

I've followed this tutorial:

http://symfony.com/doc/current/book/security.html

using a custom User class that implements UserInterface; however, I've found that after adjusting the password in the database (say the user changed it elsewhere on the basis that they think it was compromised), the class/Symfony simply updates the login. Only if the username is changed is the user logged out. Any way to alter this behaviour?

2
One thing I should mention: when running the debug (app_dev.php) version I can see at the bottom it will change from "tim" to "tim (not auth)" as soon as I make the DB change; so clearly it notices it. - Tim Green

2 Answers

0
votes

I did not understand your question. If your question is how to close the user session when you change any value, you can implement a routine in your userUpdate action that verifies whether there are changes to your username and, according to what you need, restart the session or close it if that's what you want.

0
votes

Using cookie-based sessions there is no way to do this, because the session is stored on the user's computer.

You have to switch to database-based sessions. Then you can identify open sessions and delete them to deauthenticate users.
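
The approach described in the answer above (server-side session records that can be found and deleted when the password changes), as an added example that is not part of the original thread and is not Symfony's own code. The `app_user` and `user_session` tables, the function names and the in-memory SQLite database are assumptions made for illustration; the optional `$keepSessId` goes slightly beyond the answer by keeping the session that made the change.

```php
<?php
declare(strict_types=1);

// Constructed demo: in-memory SQLite stands in for the application database.
// Table and column names are hypothetical, not Symfony's session schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE app_user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE user_session (sess_id TEXT PRIMARY KEY, user_id INTEGER NOT NULL, created_at INTEGER NOT NULL)');

/** Record a server-side session row at login so it can be found later. */
function openSession(PDO $db, int $userId): string
{
    $sessId = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO user_session (sess_id, user_id, created_at) VALUES (?, ?, ?)')
       ->execute([$sessId, $userId, time()]);
    return $sessId;
}

/** A request counts as authenticated only while its session row still exists. */
function isSessionValid(PDO $db, string $sessId): bool
{
    $stmt = $db->prepare('SELECT 1 FROM user_session WHERE sess_id = ?');
    $stmt->execute([$sessId]);
    return $stmt->fetchColumn() !== false;
}

/** Change the password and delete the user's other open sessions in one transaction. */
function changePassword(PDO $db, int $userId, string $newPassword, ?string $keepSessId = null): int
{
    $db->beginTransaction();
    $db->prepare('UPDATE app_user SET password_hash = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $del = $db->prepare('DELETE FROM user_session WHERE user_id = ? AND sess_id <> ?');
    $del->execute([$userId, $keepSessId ?? '']); // '' never matches a real id: delete all
    $db->commit();
    return $del->rowCount();
}

// Constructed sample data: user "tim" is logged in on two devices.
$db->prepare('INSERT INTO app_user (id, username, password_hash) VALUES (1, ?, ?)')
   ->execute(['tim', password_hash('old-password', PASSWORD_DEFAULT)]);
$laptop = openSession($db, 1);
$phone  = openSession($db, 1);

$removed = changePassword($db, 1, 'new-password', $laptop);
printf("removed=%d laptop=%s phone=%s\n", $removed,
    var_export(isSessionValid($db, $laptop), true),
    var_export(isSessionValid($db, $phone), true));
```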