
I wonder what the best way is to check if a user is logged in in Symfony (4.x) using an AJAX XHR request? Currently I'm using a combination of a controller action (to handle the success response) and an event subscriber (to prevent redirection to the login form if the user is trying to access the controller action while not logged in). Is there any better way to handle this?

Tom
  • Don't know for Symfony4 but previously we could do something like https://stackoverflow.com/a/27382547/2375207 – nicolallias May 28 '19 at 10:19
  • See this please https://stackoverflow.com/questions/35125729/how-can-i-check-if-a-user-is-logged-in-in-symfony – Jitendra Ahuja May 28 '19 at 10:19
  • Also you can see https://stackoverflow.com/questions/10271570/how-to-check-if-an-user-is-logged-in-symfony2-inside-a-controller – Jitendra Ahuja May 28 '19 at 10:21
  • @nicolallias nope, this is the other case. And this is not a duplicate, the question you linked is about checking without ajax request and won't prevent user redirection to login form – Tom May 28 '19 at 10:21

1 Answer

> Currently I'm using combination of controller action (to handle success response)

I assume it is something like this

```php
/**
 * @Route("/me/")
 */
public function meAction(): JsonResponse
{
    return new JsonResponse([
        'authenticated' => $this->getUser() !== null,
    ]);
}
```

> event subscriber (to prevent redirection to login form if user is trying to access controller action while not logged in)

You can just add the following line in your security.yml

```yaml
access_control:
    - { path: ^/me/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
```

Make sure to add it before any other access checks, this will tell the firewall to allow anonymous access for this path.

Also make sure that anonymous access is enabled for your firewall

```yaml
firewalls:
    secured_area:
        anonymous: true
```

In case you don't want to allow anonymous access

There is nothing wrong with having `anonymous: true`, but if for some reason you don't want to allow it and still want to avoid a redirect, you can implement a custom Entry Point:

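```php
namespace Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

class XhrAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
    /**
     * {@inheritdoc}
     */
    public function start(Request $request, AuthenticationException $authException = null)
    {
        // Called by the firewall when an unauthenticated request needs credentials.
        return new JsonResponse(
            ['authenticated' => false],
            200 // can be 200 or 401 up to you.
        );
    }
}
```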

and then add it to your configs

```yaml
# services.yml
Security\XhrAuthenticationEntryPoint: ~

# security.yml
firewalls:
    secured_area:
        entry_point: Security\XhrAuthenticationEntryPoint
```
Arthur
  • Looks nice. But what about the case when I don't want to have anonymous access? Like the client area? Let's say I have landing page which should not be behind firewall and the secured area which is behind firewall. I'd like to know if user is logged in in secured area which is always `anonymous: false` from the non firewalled area. I have website with 4 different firewalls and one non protected area. – Tom May 28 '19 at 13:26
  • @Tom then change `IS_AUTHENTICATED_ANONYMOUSLY` to the role you want to check. – Preciel May 28 '19 at 22:26
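
The client side of the check discussed above, as an added example that is not part of the original answer: it reads the `/me/` response (or the entry point's 200/401 JSON) and fails closed when the firewall has redirected the XHR to the HTML login form instead. The function names `classifyAuthProbe` and `isLoggedIn` are hypothetical; the `/me/` path and the `authenticated` key are taken from the answer.

```javascript
// Added example; classifyAuthProbe and isLoggedIn are hypothetical names.
// Only an explicit JSON `authenticated: true` counts as logged in.
function classifyAuthProbe({ status, redirected, contentType, bodyText }) {
  if (status === 401) return 'anonymous'; // entry point configured to answer 401
  const isJson = /^application\/json\b/i.test(contentType || '');
  if (redirected || !isJson || status !== 200) {
    // Typical cause: the firewall redirected to the login form and the
    // browser followed it, so a 200 arrives that is HTML, not our JSON.
    return 'indeterminate';
  }
  let data;
  try {
    data = JSON.parse(bodyText);
  } catch (e) {
    return 'indeterminate';
  }
  if (data === null || typeof data !== 'object') return 'indeterminate';
  if (data.authenticated === true) return 'authenticated';
  if (data.authenticated === false) return 'anonymous';
  return 'indeterminate'; // e.g. "yes", 1, or a missing key
}

// Probe the endpoint with the session cookie and reduce the result to a
// boolean. fetchImpl is injectable so the logic can be exercised offline.
async function isLoggedIn(fetchImpl = fetch, url = '/me/') {
  const response = await fetchImpl(url, {
    credentials: 'same-origin', // send the session cookie, same origin only
    cache: 'no-store',          // never reuse a cached "authenticated" answer
    headers: { Accept: 'application/json', 'X-Requested-With': 'XMLHttpRequest' },
  });
  const state = classifyAuthProbe({
    status: response.status,
    redirected: response.redirected,
    contentType: response.headers.get('content-type') || '',
    bodyText: await response.text(),
  });
  return state === 'authenticated';
}
```

The boolean is only a hint for the UI; every protected action is still authorised by the firewall and `access_control` rules on the server.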