It should be noted that if your plan is to allow login at any time and you
desire to be able to tell that the user is logged in at any time, then this
isn't much of an issue because your firewall is always:
    firewalls:
        main:
            pattern: ^.*$
            form-login: true
            anonymous: true
            logout: true
(Note no leading /; that does not match the home page with no / on it.)
... And then you can use access_control to lock things down. access_control
can go by controller rather than by URL if you choose. So my concerns are
resolved for the projects I'm working on. Those who would rather not have
the overhead of a security.context at all in some situations might still be
a little concerned that they must make this decision by URL and reconcile it
with any changes to their routing.