SessionInterface or TokenStorageInterface for authentication?

B

BonBon Slick2018-12-14 16:58:02

symfony

BonBon Slick, 2018-12-14 16:58:02

If the user is authorized, there will be a SessionInterface in the session as an array.
If the user is authorized, and here he will be TokenStorageInterface in the token video.
If you need to check if the user is authenticated, which is better? Why? When to use one or the other?
In my case, I do a check in the EventSubscriber.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

F

Flying, 2018-12-21
@BonBonSlick

Information about the authorized user is stored in the security token, in the general case, this is any class that implements TokenInterface . The token itself is stored in token storage , usually the standard TokenStorage . Symfony also provides simplified access to the core security components through the Security class . Thus, if your EventSubscriber needs to check user authentication, this can be done in different ways, depending on what exactly you want to track:

If you need to react at the moment of obtaining authorization, then this is done through a subscription to authentication events
If you just need to understand if there is a user and if he is authorized, then you should connect Securityvia DI to your service and check if there is a token there and if the user associated with it is authorized:
```
$token = $this->security->getToken();
if ($token instanceof TokenInterface && $token->isAuthenticated()) {
  // пользователь прошёл аутентификацию
}
```