Delete cookies from the TokenProvider that is no longer in use #6055
Conversation
| @@ -63,10 +63,12 @@ public function setTokenProvider(TokenProviderInterface $tokenProvider) | |||
| /** | |||
| * {@inheritDoc} | |||
| */ | |||
| public function logout(Request $request, Response $response, TokenInterface $token) | |||
| public function cancelCookie(Request $request) | |||
|
So, anything else that needs to be done before this is merged? |
| @@ -172,6 +172,9 @@ public function logout(Request $request, Response $response, TokenInterface $tok | |||
| */ | |||
| final public function loginSuccess(Request $request, Response $response, TokenInterface $token) | |||
| { | |||
| // Make sure any old remember-me cookies are canceled | |||
|
Ok, I have corrected the typo in the comment and squashed the commit. |
|
btw, On Wed, Nov 21, 2012 at 11:30 AM, Terje Bråten notifications@github.comwrote:
|
|
As a side-note have you verified that this does not break the cookie theft protection? |
|
Yes, cookie theft protection is still there and is functioning well. |
|
I am using this together with the DoctrineTokenProvider in issue #6057 in my own project and done some extensive testing on it. |
|
Is this ready to be merged now? |
This PR was merged into the master branch. Commits ------- d1b5093 Try to make sure cookies get deleted from the TokenProvider when no longer in use Discussion ---------- Delete cookies from the TokenProvider that is no longer in use Bug fix: yes Feature addition: no Backwards compatibility break: no Symfony2 tests pass: yes Todo: - License of the code: MIT When the user logs in, or login fails for some reason, the old "remember me" cookie should be deleted from the TokenProvider if you are using the PersistentTokenBasedRememberMeServices. As the code is now, the token is only deleted on logout. --------------------------------------------------------------------------- by TerjeBr at 2012-11-20T13:45:54Z So, anything else that needs to be done before this is merged? --------------------------------------------------------------------------- by TerjeBr at 2012-11-21T10:30:53Z Ok, I have corrected the typo in the comment and squashed the commit. --------------------------------------------------------------------------- by schmittjoh at 2012-11-21T10:36:29Z btw, ``canceled`` (more American) and ``cancelled`` (more British) are both correct English forms. On Wed, Nov 21, 2012 at 11:30 AM, Terje Bråten <notifications@github.com>wrote: > Ok, I have corrected the typo in the comment and squashed the commit. > > — > Reply to this email directly or view it on GitHub<#6055 (comment)>. > > --------------------------------------------------------------------------- by schmittjoh at 2012-11-21T10:40:24Z As a side-note have you verified that this does not break the cookie theft protection? --------------------------------------------------------------------------- by TerjeBr at 2012-11-21T10:51:10Z Yes, cookie theft protection is still there and is functioning well. --------------------------------------------------------------------------- by TerjeBr at 2012-11-21T11:14:04Z I am using this together with the DoctrineTokenProvider in issue #6057 in my own project and done some extensive testing on it. --------------------------------------------------------------------------- by TerjeBr at 2012-11-23T10:30:34Z Is this ready to be merged now?
|
Thank you for merging this. |
|
I try to implement the Remember Me functionality but I can't make it work.
Do I miss something or am I doing something wrong ? |
|
When I comment the lines of code added in this PR, everything works as expected. |
|
I was skeptical when I saw the PR, but I had no time to test it. I guess Fabien has though? On Wed, Nov 28, 2012 at 5:09 PM, Nathanaël Mariani <notifications@github.com
|
|
@nmariani $request->attributes->remove(self::COOKIE_ATTR_NAME);That should remove the blank cookie so the ResponseListener do not set it, as you say it does in point 3. |
|
OK, I see now. How shall I do the fix? Is it best that I amend this pull request, or is it better that I start a new pull request since this one is already merged? |
|
@TerjeBr Open a new PR please, thanks. |
This PR was merged into the master branch. Commits ------- 373be62 Bugfix for creating cookie on loginSuccess in AbstractRememberMeServices Discussion ---------- Bugfix for creating cookie on loginSuccess in AbstractRememberMeServices Bug fix: yes Feature addition: no Backwards compatibility break: no Symfony2 tests pass: yes Fixes the following tickets: #6055 Todo: - License of the code: MIT By a mistake setting of new cookies did not work for other RememberMe services than PersistentTokenBasedRememberMeServices --------------------------------------------------------------------------- by TerjeBr at 2012-12-01T17:28:08Z Ping. Any feedback on this?
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Todo: -
License of the code: MIT
When the user logs in, or login fails for some reason, the old "remember me" cookie should be deleted from the TokenProvider if you are using the PersistentTokenBasedRememberMeServices.
As the code is now, the token is only deleted on logout.