Page is still authenticated after logging out of GitLab

I am using KnpUOAuth2ClientBundle for Symfony 5. When I enter the page, if the user is not logged in, it redirects to the GitLab page, and on authentication it successfully redirects to my homepage, where it stores a cookie.

But after I log out of GitLab and check my homepage, it still works, as the cookie is stored.

This seems to be an error. What should I do so that if GitLab is logged out, the cookie is cleared?

This is my security.yaml file:

security:
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        app_user_provider:
            id: App\Security\UserProvider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            guard:
                authenticators:
                    - App\Security\GitlabAuthenticator
    access_control:
        - { path: ^/connect, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }

I am not sure whether what I am trying to do is correct or not. Inside GitlabAuthController I have a connectAction method where I am trying to clear the cookie that was set:

    public function connectAction(ClientRegistry $clientRegistry): RedirectResponse
    {
        if ($this->logout()->getStatusCode() === 200) {
            // will redirect to gitlab!
            return $clientRegistry
                ->getClient('gitlab') // key used in config/packages/knpu_oauth2_client.yaml
                ->redirect();
        }
    }

    public function logout()
    {
        $response = new Response();
        $response->headers->clearCookie('PHPSESSID');
        return $response->send();
    }

But with this one I am getting an "Invalid state parameter passed in callback URL." error.

Source: Symfony Questions
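
An added example, not part of the original question and not KnpUOAuth2ClientBundle's own code: a simplified model of why clearing PHPSESSID just before the redirect to GitLab can end in an invalid-state error, assuming the OAuth2 `state` value is kept in the PHP session. `SessionStore`, `startLogin`, `callbackStateIsValid` and the key `oauth2_state` are hypothetical names.

```php
<?php
// Simplified model, not KnpUOAuth2ClientBundle code. Assumption: the OAuth2
// "state" lives in the server-side session found via the PHPSESSID cookie.
final class SessionStore
{
    private array $sessions = [];

    // Returns the session id; a missing or unknown cookie gets a new empty session.
    public function open(?string $cookie): string
    {
        if ($cookie === null || !isset($this->sessions[$cookie])) {
            $cookie = bin2hex(random_bytes(16));
            $this->sessions[$cookie] = [];
        }
        return $cookie;
    }

    public function set(string $id, string $key, string $value): void
    {
        $this->sessions[$id][$key] = $value;
    }

    public function get(string $id, string $key): ?string
    {
        return $this->sessions[$id][$key] ?? null;
    }
}

// Step 1 (/connect): store a random state, then redirect to the provider.
function startLogin(SessionStore $store, ?string $cookie): array
{
    $id = $store->open($cookie);
    $state = bin2hex(random_bytes(16));
    $store->set($id, 'oauth2_state', $state);
    return ['cookie' => $id, 'state' => $state];
}

// Step 2 (callback): accept only the state saved in this browser's session.
function callbackStateIsValid(SessionStore $store, ?string $cookie, string $state): bool
{
    $expected = $store->get($store->open($cookie), 'oauth2_state');
    return $expected !== null && hash_equals($expected, $state);
}

$store = new SessionStore();
$login = startLogin($store, null);
// Cookie kept between redirect and callback: the state matches.
var_dump(callbackStateIsValid($store, $login['cookie'], $login['state']));
// Cookie cleared before the redirect: new empty session, the state is rejected.
var_dump(callbackStateIsValid($store, null, $login['state']));
```

The state comparison is the flow's CSRF protection, so the session has to survive the round trip to the provider rather than the check being relaxed.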
