Skip to content

Commit

Permalink
Logout from custom firewall always deletes complete session (pimcore#…
Browse files Browse the repository at this point in the history 
…13825)

* register logoutlistener only on pimcore_admin firewall

* clear only admin session

* set response to logout event object
  • Loading branch information
@jheimbach
jheimbach authored Dec 20, 2022
1 parent 1dccd93 commit 9de7216
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 4 deletions.
4 changes: 3 additions & 1 deletion bundles/AdminBundle/config/security_services.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,9 @@ services:
$firewallName: !abstract defined by the factory


Pimcore\Bundle\AdminBundle\Security\Event\LogoutListener: ~
Pimcore\Bundle\AdminBundle\Security\Event\LogoutListener:
tags:
- { name: 'kernel.event_subscriber', dispatcher: 'security.event_dispatcher.pimcore_admin'}

Pimcore\Bundle\AdminBundle\Security\User\TokenStorageUserResolver:
public: true
Expand Down
9 changes: 6 additions & 3 deletions bundles/AdminBundle/src/Security/Event/LogoutListener.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,14 @@ public function __construct(
) {
}

public function onLogout(LogoutEvent $event): RedirectResponse|Response
/**
* @param LogoutEvent $event
*/
public function onLogout(LogoutEvent $event): void
{
$request = $event->getRequest();

return $this->onLogoutSuccess($request);
$event->setResponse($this->onLogoutSuccess($request));
}

public function onLogoutSuccess(Request $request): RedirectResponse|Response
Expand All @@ -88,7 +91,7 @@ public function onLogoutSuccess(Request $request): RedirectResponse|Response
$adminSession->remove('user');
}

Session::invalidate();
$adminSession->clear();

return $event;
});
Expand Down

0 comments on commit 9de7216

Please sign in to comment.