This is a usage question, but it's specific to Symfony2, will probably
be a frequently asked question, and depending on the answer, could
have some minor Sf2 design implications, so I figured I'd stick it in
the developers group.

The scenario:

1. User logs in successfully, idles for X number of minutes
2. User returns and clicks on something that sends an AJAX request
3. The security component automatically logs out the user because X >
   logout threshold and redirects to the login page.
4. The login page is rendered inside of the AJAX target container.

The symfony 1.x solution:

Replace the default security filter with a subclass that, in pseudo:

    if ( request is ajax and user is not authenticated )
        return a response consisting of '<script>javascript that forces a full page refresh</script>'
    else
        continue as the parent security filter would

This always felt like a terrible hack, but it's all I was ever able to
find (maybe there was a better way and I missed it).
In Symfony2 it looks like the concept of a filter chain was dropped
entirely in favor of extensive use of events (which is understandable,
since there was overlap, from the extensibility point of view).
So is there a "right" way to deal with this issue in Symfony2?
Perhaps extending an existing listener? Could be a useful cookbook
article. (and I apologize if this has been addressed somewhere, but I
did my due diligence)
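
The scenario in the message above, seen from the browser side, as an added example that is not part of the original post and not Symfony code: a guard that refuses to inject a login page into an AJAX container and sends the whole window to the login page instead. The `/login` path, the convention that the server answers unauthenticated AJAX requests with 401, and the names `classifyAjaxResponse`, `applyAjaxResponse` and `SAMPLES` are assumptions made for the illustration.

```javascript
// Added example: client-side guard for AJAX responses after session expiry.
// LOGIN_PATH and the 401 convention are assumptions, not Symfony behaviour.
const LOGIN_PATH = '/login';

// Decide whether an AJAX response is real content or a sign that the
// session has expired. `res` mirrors fields that fetch() exposes on a
// Response: status, redirected, url.
function classifyAjaxResponse(res) {
  // Cooperative server: unauthenticated AJAX gets a bare 401, no login HTML.
  if (res.status === 401) return 'reauthenticate';
  // Non-cooperative server: the browser followed the 302 to the login page
  // transparently, so the only clue left is where the response came from.
  if (res.redirected && new URL(res.url).pathname === LOGIN_PATH) {
    return 'reauthenticate';
  }
  return res.status >= 200 && res.status < 300 ? 'render' : 'error';
}

// Inject the body into the container only for real content; otherwise
// navigate the whole window. `container` needs an innerHTML property and
// `nav` an assign(url) method (window.location in a browser).
function applyAjaxResponse(res, body, container, nav) {
  const verdict = classifyAjaxResponse(res);
  if (verdict === 'render') {
    container.innerHTML = body;
  } else if (verdict === 'reauthenticate') {
    nav.assign(LOGIN_PATH);
  }
  return verdict;
}

// Constructed sample responses (app.example is a placeholder host).
const SAMPLES = {
  ok: { status: 200, redirected: false, url: 'https://app.example/items' },
  expired401: { status: 401, redirected: false, url: 'https://app.example/items' },
  followedRedirect: { status: 200, redirected: true, url: 'https://app.example/login' },
};
```

The 401 branch is the one to prefer where the server can be changed, because the redirect check depends on the login URL staying fixed.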