How to check if an user is logged in Symfony2 inside a controller

Question

I read here how to check the login status of an user by inside a twig template for a Symfony2-based website  However  I need to know how to check if the user is logged in from inside a controller  I was quite sure the the following code was right    user    this- gt get  security context  - gt getToken  - gt getUser      but it always return something  e g  a logged user or an anonymous user   Any idea  Thanks in advance

User · Accepted Answer

Warning  Checking for  IS AUTHENTICATED FULLY  alone will return false if the user has logged in using  Remember me  functionality   According to Symfony 2 documentation  there are 3 possibilities      IS AUTHENTICATED ANONYMOUSLY - automatically assigned to a user who is   in a firewall protected part of the site but who has not actually   logged in  This is only possible if anonymous access has been allowed       IS AUTHENTICATED REMEMBERED - automatically assigned to a user who was   authenticated via a remember me cookie       IS AUTHENTICATED FULLY - automatically assigned to a user that has   provided their login details during the current session    Those roles represent three levels of authentication      If you have the IS AUTHENTICATED REMEMBERED role  then you also have   the IS AUTHENTICATED ANONYMOUSLY role  If you have the   IS AUTHENTICATED FULLY role  then you also have the other two roles    In other words  these roles represent three levels of increasing    strength  of authentication    I ran into an issue where users of our system that had used  Remember Me  functionality were being treated as if they had not logged in at all on pages that only checked for  IS AUTHENTICATED FULLY    The answer then is to require them to re-login if they are not authenticated fully  or to check for the remembered role    securityContext    this- gt container- gt get  security authorization checker    if   securityContext- gt isGranted  IS AUTHENTICATED REMEMBERED             authenticated REMEMBERED  FULLY will imply REMEMBERED  NON anonymous      Hopefully  this will save someone out there from making the same mistake I made   I used this very post as a reference when looking up how to check if someone was logged in or not on Symfony 2   Source  http   symfony com doc 2 3 cookbook security remember me html forcing-the-user-to-re-authenticate-before-accessing-certain-resources

User · Answer

To add to answer given by Anil  In symfony3  you can use  this- gt getUser   to determine if the user is logged in  a simple condition like if   this- gt getUser       will do   If you look at the source code which is available in base controller  it does the exact same thing defined by Anil

User · Answer

SecurityContext will be deprecated in Symfony 3 0  Prior to Symfony 2 6 you would use SecurityContext  SecurityContext will be deprecated in Symfony 3 0 in favour of the AuthorizationChecker     For Symfony 2 6   amp  Symfony 3 0 use AuthorizationChecker     Symfony 2 6  and below      Get our Security Context Object -  deprecated in 3 0   security context    this- gt get  security context      e g   security context- gt isGranted  ROLE ADMIN        Get our Token  representing the currently logged in user   security token    security context- gt getToken      e g   security token- gt getUser      e g   security token- gt isAuthenticated       Careful                 Anonymous users are technically authenticated      Get our user from that security token  user    security token- gt getUser      e g   user- gt getEmail     user- gt isSuperAdmin     user- gt hasRole        Check for Roles on the  security context  isRoleAdmin    security context- gt isGranted  ROLE ADMIN      e g   bool  true false     Symfony 3 0   and from Symfony 2 6    security context becomes security authorization checker  We now get our token from security token storage instead of the security context        New 3 0  Get our  authorization checker  Object  auth checker    this- gt get  security authorization checker      e g   auth checker- gt isGranted  ROLE ADMIN        Get our Token  representing the currently logged in user      New 3 0  Get the  token storage  object  instead of calling upon  security context    token    this- gt get  security token storage  - gt getToken      e g   token- gt getUser      e g   token- gt isAuthenticated       Careful                Anonymous users are technically authenticated      Get our user from that token  user    token- gt getUser      e g  w  FOSUserBundle    user- gt getEmail     user- gt isSuperAdmin     user- gt hasRole         New 3 0  Check for Roles on the  auth checker  isRoleAdmin    auth checker- gt isGranted  ROLE ADMIN       e g   bool  true false     Read more here in the docs  AuthorizationChecker How to do this in twig   Symfony 2  How do I check if a user is not logged in inside a template

User · Answer

If you using roles you could check for ROLE USER that is the solution i use   if  TRUE      this- gt get  security authorization checker  - gt isGranted  ROLE USER             user is logged in

User · Answer

It s good practise to extend from a baseController and implement some base functions implement a function to check if the user instance is null like this if the user form the Userinterface then there is no user logged in         class BaseController extends AbstractController                    return User              protected function getUser     User               return parent  getUser                           return bool             protected function isUserLoggedIn    bool               return  this- gt getUser   instanceof User

User · Answer

Try this   if   this- gt container- gt get  security context  - gt isGranted  IS AUTHENTICATED FULLY             authenticated  NON anonymous      Further information       Anonymous users are technically authenticated  meaning that the   isAuthenticated   method of an anonymous user object will return true    To check if your user is actually authenticated  check for the   IS AUTHENTICATED FULLY role     Source  http   symfony com doc current book security html

User · Answer

If you are using security annotation from the SensioFrameworkExtraBundle  you can use a few expressions  that are defined in  Symfony Component Security Core Authorization ExpressionLanguageProvider      Security  is authenticated      to check that the user is authed and not anonymous  Security  is anonymous      to check if the current user is the anonymous user  Security  is fully authenticated      equivalent to is granted  IS AUTHENTICATED FULLY    Security  is remember me      equivalent to is granted  IS AUTHENTICATED REMEMBERED

[symfony] How to check if an user is logged in Symfony2 inside a controller?

Examples related to symfony

Examples related to symfony-security

[symfony] How to check if an user is logged in Symfony2 inside a controller?

Examples related to symfony

Examples related to login

Examples related to symfony-security