Symfony provides a simple way of preventing users from logging in using the isEnabled property if the user class implements AdvancedUserInterface.
However, if the user is logged in nothing will prevent them from accessing the website until their session expires.
The idea would be to check the isEnabled property upon getting the user entity ($this->get('security.token_storage')->getToken()->getUser()) and to invalidate the session then. What is the preferred way of doing so?
Or is there a better way to achieve this goal?
Aucun commentaire:
Enregistrer un commentaire