New in Symfony 6.3: Login and Logout Improvements
May 3, 2023 • Published by Javier Eguiluz
Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.
Custom Redirection with Programmatic Login
Contributed by Nicolas Sauveur in #48582.
In Symfony 6.2 we introduced a login() method to ease the programmatic login of users. However, this method returned void, so you couldn't customize the response after the user login.
The underlying UserAuthenticator::authenticateUser() called by login() returns a Response object which can be used to redirect the user. That's why in Symfony 6.3, the login() method now returns that Response object too:
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\Response;

class RegistrationController extends AbstractController
{
    public function verifyUserEmail(Security $security): Response
    {
        // ...

        // login() now returns the Response object from authenticateUser()
        $redirectResponse = $security->login($user);

        return $redirectResponse;
    }
}
Remember Me Option for JSON Logins
Contributed by Markus Baumer in #48899.
JSON login is one of the built-in authentication mechanisms provided by Symfony. It's popular, for example, when building APIs that generate security tokens based on a given username (or email) and password.
Remember me is a built-in Symfony security feature that stores some user credentials in a signed cookie, so users don't have to provide them again the next time they browse your application.
In Symfony 6.3 we're merging both features to provide Remember Me support for JSON logins. To do so, add a _remember_me key (this name is configurable) to the body of your POST request:
{
    "username": "dunglas@example.com",
    "password": "MyPassword",
    "_remember_me": true
}
Clear Site Data After Logout
Contributed by Maximilian Beckers in #49306.
The Clear-Site-Data HTTP header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored by a client browser for their origins.
In Symfony 6.3, we're adding support for this HTTP header via the logout configuration of your firewalls:
security:
    # ...
    firewalls:
        main:
            # ...
            logout:
                path: app_logout
                # the available options are 'cache', 'cookies', 'storage', 'executionContexts'
                # you can also use the '*' wildcard to clear all data
                clear_site_data:
                    - cache
                    - storage
                    - executionContexts
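The following check is an added example, not code from the original post or from Symfony. It parses a Clear-Site-Data header value (comma-separated, double-quoted directives) and reports which of the data types listed above a logout response leaves uncleared. The function names and the sample header value are assumptions constructed for illustration.

```python
import re

# Directive names taken from the configuration comment in the post.
KNOWN = {"cache", "cookies", "storage", "executionContexts"}
WILDCARD = "*"
_QUOTED = re.compile(r'"([^"]*)"')


def parse_clear_site_data(value):
    """Return the set of data types named by a Clear-Site-Data header value.

    Every directive must be a double-quoted string. Unquoted or unknown
    directives raise ValueError so a misconfiguration is reported instead
    of being silently skipped.
    """
    types = set()
    for raw in value.split(","):
        token = raw.strip()
        match = _QUOTED.fullmatch(token)
        if match is None:
            raise ValueError(f"directive is not a quoted string: {token!r}")
        name = match.group(1)
        if name == WILDCARD:
            types |= KNOWN  # the wildcard covers every data type
        elif name in KNOWN:
            types.add(name)
        else:
            raise ValueError(f"unknown directive: {name!r}")
    return types


def missing_types(header_value, required):
    """Return, sorted, the required data types the header does not clear."""
    if header_value is None:  # header absent from the logout response
        return sorted(required)
    return sorted(set(required) - parse_clear_site_data(header_value))


# Constructed sample: a header value naming the three directives
# enabled in the firewall configuration above.
SAMPLE = '"cache", "storage", "executionContexts"'

if __name__ == "__main__":
    print(missing_types(SAMPLE, KNOWN))  # data types left uncleared
    print(missing_types('"*"', KNOWN))   # wildcard leaves nothing uncleared
```

In a functional test, pass the Clear-Site-Data value captured from the logout response as header_value and list in required the data types your application expects to be cleared.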