@@ -38,94 +38,23 @@ separate articles:
38
38
* `role_hierarchy `_
39
39
40
40
access_denied_url
41
- ~~~~~~~~~~~~~~~~~
41
+ -----------------
42
42
43
43
**type **: ``string `` **default **: ``null ``
44
44
45
45
Defines the URL where the user is redirected after a ``403 `` HTTP error (unless
46
46
you define a custom access denial handler). Example: ``/no-permission ``
47
47
48
- delete_cookies
49
- ~~~~~~~~~~~~~~
50
-
51
- **type **: ``array `` **default **: ``[] ``
52
-
53
- Lists the names (and other optional features) of the cookies to delete when the
54
- user logs out::
55
-
56
- .. configuration-block ::
57
-
58
- .. code-block :: yaml
59
-
60
- # config/packages/security.yaml
61
- security :
62
- # ...
63
-
64
- firewalls :
65
- main :
66
- # ...
67
- logout :
68
- delete_cookies :
69
- cookie1-name : null
70
- cookie2-name :
71
- path : ' /'
72
- cookie3-name :
73
- path : null
74
- domain : example.com
75
-
76
- .. code-block :: xml
77
-
78
- <!-- config/packages/security.xml -->
79
- <?xml version =" 1.0" encoding =" UTF-8" ?>
80
- <srv : container xmlns =" http://symfony.com/schema/dic/security"
81
- xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
82
- xmlns : srv =" http://symfony.com/schema/dic/services"
83
- xsi : schemaLocation =" http://symfony.com/schema/dic/services
84
- https://symfony.com/schema/dic/services/services-1.0.xsd" >
85
-
86
- <config >
87
- <!-- ... -->
88
-
89
- <firewall name =" main" >
90
- <!-- ... -->
91
- <logout path =" ..." >
92
- <delete-cookie name =" cookie1-name" />
93
- <delete-cookie name =" cookie2-name" path =" /" />
94
- <delete-cookie name =" cookie3-name" domain =" example.com" />
95
- </logout >
96
- </firewall >
97
- </config >
98
- </srv : container >
99
-
100
- .. code-block :: php
101
-
102
- // config/packages/security.php
103
-
104
- // ...
105
-
106
- return static function (SecurityConfig $securityConfig): void {
107
- // ...
108
-
109
- $securityConfig->firewall('main')
110
- ->logout()
111
- ->deleteCookie('cookie1-name')
112
- ->deleteCookie('cookie2-name')
113
- ->path('/')
114
- ->deleteCookie('cookie3-name')
115
- ->path(null)
116
- ->domain('example.com');
117
- };
118
-
119
48
erase_credentials
120
- ~~~~~~~~~~~~~~~~~
49
+ -----------------
121
50
122
51
**type **: ``boolean `` **default **: ``true ``
123
52
124
53
If ``true ``, the ``eraseCredentials() `` method of the user object is called
125
54
after authentication.
126
55
127
56
hide_user_not_found
128
- ~~~~~~~~~~~~~~~~~~~
57
+ -------------------
129
58
130
59
**type **: ``boolean `` **default **: ``true ``
131
60
@@ -138,7 +67,7 @@ If ``false``, the exception thrown is of type
138
67
and it includes the given not found user identifier.
139
68
140
69
session_fixation_strategy
141
- ~~~~~~~~~~~~~~~~~~~~~~~~~
70
+ -------------------------
142
71
143
72
**type **: ``string `` **default **: ``SessionAuthenticationStrategy::MIGRATE ``
144
73
@@ -157,7 +86,7 @@ The possible values of this option are:
157
86
other session attributes are lost.
158
87
159
88
access_control
160
- ~~~~~~~~~~~~~~
89
+ --------------
161
90
162
91
Defines the security protection of the URLs of your application. It's used for
163
92
example to trigger the user authentication when trying to access to the backend
@@ -166,7 +95,7 @@ and to allow unauthenticated users to the login form page.
166
95
This option is explained in detail in :doc: `/security/access_control `.
167
96
168
97
firewalls
169
- ~~~~~~~~~
98
+ ---------
170
99
171
100
This is arguably the most important option of the security config file. It
172
101
defines the authentication mechanism used for each URL (or URL pattern) of your
@@ -427,7 +356,7 @@ delete_cookies
427
356
**type **: ``array `` **default **: ``[] ``
428
357
429
358
Lists the names (and other optional features) of the cookies to delete when the
430
- user logs out::
359
+ user logs out:
431
360
432
361
.. configuration-block ::
433
362
0 commit comments