I can not logout in Symfony 3

Navigation
0

I have Symfony 3 configured for the most basic access (the http_basic). In security.yml I have the following, in the firewall: 

        main:
            security: true
            anonymous: ~
#De momento, la entrada es por http_basic.
            http_basic: ~

            logout:
                path:   /logout
                target: /
                invalidate_session:   true
                delete_cookies: ['PHPSESSID']

I also have a provider in memory: 

in_memory:
    memory:
        users:
            user:
                password: $2y$12$cDEE6BJbtj94ZnM7PSimSOx1voqQtq0MebnUOYcg6PmnuVFk5uBaC
                roles: 'ROLE_USER'
            admin:
                password: $2y$12$FLJprSiEP/Bkd2xdJyyBGuHOtWuEUePfkXF54UUFexyPUKPmXlSY.
                roles: 'ROLE_ROOT_ADMIN'

I have the hierarchy of roles and denials: 

#La aplicación usará ROLE_USER y ROLE_ADMIN. Los otros dos se los reserva el desarrollador
    role_hierarchy:
        ROLE_ROOT_ADMIN: ROLE_SUPER_ADMIN
        ROLE_SUPER_ADMIN: ROLE_ADMIN
        ROLE_ADMIN: ROLE_USER

#Para denegar el acceso si no hay nivel de autenticación.
    access_control:
        - { path: /admin, roles: ROLE_ADMIN }
        - { path: /user, roles: ROLE_USER }

In the routing file I have: 

logout:
  path: /logout

The main page is freely accessible, without denials. You have a link to go to the admin page. I press it, and it asks for the access data. I click them and I give way. In the lower bar of symfony it shows me how to use admin. So far, all right.

Now I click on the logout link, and it forwards me to the main page, and on the bottom bar it shows me as anon. Up to this point, everything is correct too.

The problem is that now I click on the link again to access the admin page, and it gives me a pass without asking for authentication, and in the bottom bar it shows me again as admin.

However, if I delete the browser's cookies, it works well for me, it asks me for authentication again. This should not be the case. The application should not remember that once it enters as admin. That is, once on the main page, as anon. you should re-request authentication every time you want to access a restricted area.

How can I make the logout really clean up the previous access data, and ask for authentication again?

Thank you, people. I'm a rookie with symfony and weird things happen to me.

    
asked by Chefito 24.03.2018 в 12:18
source

1 answer

1

Look at the box in red Basically when you use http-basic you do not really loot, according to the documtentación.

    
answered by 27.04.2018 / 16:25
source
error when querying in mysql from php Warning: mysqli_fetch_array () expects parameter 1 to be mysqli_result, boolean given in php syntax check ','