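I don't want a session to be started before login, while no login has been performed.

I found that when I use the CSRF token in my forms, it also starts a session.

I have now disabled the CSRF token, but the system still starts a session.

Which parts of symfony2 also create a session?

How can I use xdebug to find the responsible part in my application? I put a breakpoint in Session.class, but xdebug never stopped there.

Thank you very much.

I am using symfony 2.0.

Here is the relevant part of my config.yml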

session:
    default_locale: %locale%
    lifetime: %session_lifetime%        
    path: /
    domain: %session_authdomain%            
    name: sid
    auto_start: false

Here is my security.yml

security:
    encoders:
        Danke\ForumBundle\Entity\Forumuser: sha512
        Danke\ForumBundle\Entity\Admin: sha512

    role_hierarchy:
        ROLE_MODERATOR: [ROLE_MANAGE_DEAL, ROLE_MANAGE_COMMENT]
        ROLE_ADMIN: [ROLE_MODERATOR, ROLE_MANAGE_CATEGORY, ROLE_MANAGE_AFFILIATELINK, ROLE_MANAGE_FORUMUSER, ROLE_MANAGE_BADLINK, ROLE_MANAGE_BADWORD]
        ROLE_SUPERADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH,  ROLE_MANAGE_EXCLUSIVEDEAL, ROLE_MANAGE_ADMIN]

    providers:
        forumuser:
            providers: u_email, u_username
        u_email:
          entity: { class: Danke\ForumBundle\Entity\Forumuser, property: email }
        u_username:
          entity: { class: Danke\ForumBundle\Entity\Forumuser, property: username }
        admin:
            providers: a_email, a_username
        a_email:
          entity: { class: Danke\ForumBundle\Entity\Admin, property: email }
        a_username:
          entity: { class: Danke\ForumBundle\Entity\Admin, property: username }


    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        admin:
          # since anonymous is allowed users will not be forced to login
          pattern:   /admin/
          form_login:
            provider: admin
            login_path:  /admin
            check_path:  /admin/login
            always_use_default_target_path: true
            default_target_path: /admin/deal
          anonymous: false
          logout:
                path:   /admin/logout
                target: /admin

        public:
          # since anonymous is allowed users will not be forced to login
          pattern:   ^/.*
          form_login:
            provider: forumuser
            login_path:  /login
            check_path:  /login_check/form
            #default_target_path: has to be declared in AuthenticationHandler
            success_handler: danke.forum.listener.authenticationhandler
            failure_handler: danke.forum.listener.authenticationhandler
          anonymous: true
          logout: true

    access_control:
      # some access control pages

1 Answer

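In your public firewall, disable anonymous authentication, because it needs a session to identify users who are not logged in.

You can replace it with: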

firewalls:
    public:
      # since anonymous is allowed users will not be forced to login
      pattern:   ^/.*   
      security: false
Answered 2012-09-25T09:54:41.953
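
One way to narrow down which pre-login URLs start a session, added here as an example and not part of the original question or answer: check the response headers of cookie-less requests for the `sid` session cookie named in config.yml. The sample responses and the helper names `session_cookie_set` and `paths_starting_session` are constructed for illustration.

```python
# Added example: find which pre-login responses start a session.
# Assumption: each sample is the raw header block of a response to a request
# sent WITHOUT any cookie (for instance the output of `curl -sI <url>`).
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"  # `name: sid` in the question's config.yml


def session_cookie_set(raw_headers, cookie_name=SESSION_COOKIE):
    """Return the new session id if the response sets the session cookie, else None."""
    for line in raw_headers.splitlines()[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value.strip())
        morsel = jar.get(cookie_name)
        # An empty or "deleted" value clears a cookie, it does not start a session.
        if morsel is not None and morsel.value not in ("", "deleted"):
            return morsel.value
    return None


def paths_starting_session(responses):
    """Map of path -> raw headers; return the sorted paths that hand out a session."""
    return sorted(p for p, raw in responses.items() if session_cookie_set(raw))


# Constructed sample responses (not captured from a real application).
SAMPLES = {
    "/css/site.css": "HTTP/1.1 200 OK\r\nContent-Type: text/css\r\n",
    "/": "HTTP/1.1 200 OK\r\nSet-Cookie: sid=3f9a1c7e; path=/; HttpOnly\r\n",
    "/login": "HTTP/1.1 200 OK\r\nset-cookie: lang=en; path=/\r\n"
              "Set-Cookie: sid=b21d88aa; path=/\r\n",
    "/logout": "HTTP/1.1 302 Found\r\nSet-Cookie: sid=deleted; "
               "expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/\r\n",
}

if __name__ == "__main__":
    for path in paths_starting_session(SAMPLES):
        print("session started before login on", path)
```

Running the same check before and after a configuration change (CSRF off, `anonymous` off, firewall off) shows which setting removes the cookie on which path.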