Cover of the book Symfony 5: The Fast Track

Symfony 5: The Fast Track is the best book to learn modern Symfony development, from zero to production. +300 pages showcasing Symfony with Docker, APIs, queues & async tasks, Webpack, SPAs, etc.

  1. Home
  2. Documentation
  3. Cookbook
  4. Security
  5. How to change the Default Target Path Behavior
WARNING:

You are browsing the documentation for Symfony 2.2 which is not maintained anymore.

Consider upgrading your projects to Symfony 5.2.

How to change the Default Target Path Behavior

2.2 version
Unmaintained
2.1 2.2 2.3 2.4 2.5 2.6

How to change the Default Target Path Behavior

By default, the Security component retains the information of the last request URI in a session variable named _security.main.target_path (with main being the name of the firewall, defined in security.yml). Upon a successful login, the user is redirected to this path, as to help them continue from the last known page they visited.

On some occasions, this is unexpected. For example when the last request URI was an HTTP POST against a route which is configured to allow only a POST method, the user is redirected to this route only to get a 404 error.

To get around this behavior, you would simply need to extend the ExceptionListener class and override the default method named setTargetPath().

First, override the security.exception_listener.class parameter in your configuration file. This can be done from your main configuration file (in app/config) or from a configuration file being imported from a bundle:

  • YAML
    1
2
3
4
    # src/Acme/HelloBundle/Resources/config/services.yml
parameters:
    # ...
    security.exception_listener.class: Acme\HelloBundle\Security\Firewall\ExceptionListener
  • XML
    1
2
3
4
5
    <!-- src/Acme/HelloBundle/Resources/config/services.xml -->
<parameters>
    <!-- ... -->
    <parameter key="security.exception_listener.class">Acme\HelloBundle\Security\Firewall\ExceptionListener</parameter>
</parameters>
  • PHP
    1
2
3
    // src/Acme/HelloBundle/Resources/config/services.php
// ...
$container->setParameter('security.exception_listener.class', 'Acme\HelloBundle\Security\Firewall\ExceptionListener');

Next, create your own ExceptionListener:

// src/Acme/HelloBundle/Security/Firewall/ExceptionListener.php
namespace Acme\HelloBundle\Security\Firewall;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Firewall\ExceptionListener as BaseExceptionListener;

class ExceptionListener extends BaseExceptionListener
{
    protected function setTargetPath(Request $request)
    {
        // Do not save target path for XHR and non-GET requests
        // You can add any more logic here you want
        if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
            return;
        }

        parent::setTargetPath($request);
    }
}

Add as much or few logic here as required for your scenario!

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.