Bolt\AccessControl\AccessChecker::checkSessionKeys PHP Method

checkSessionKeys() protected method

Check the session is still valid for the device on which it was created, i.e. the username, IP address, and (if configured) the browser agent values are all still the same.
protected checkSessionKeys ( Token $sessionAuth ) : boolean
$sessionAuth Bolt\AccessControl\Token\Token
return boolean
    protected function checkSessionKeys(Token\Token $sessionAuth)
    {
        $userEntity = $sessionAuth->getUser();
        $tokenEntity = $sessionAuth->getToken();
        // The auth token is based on hostname, IP and browser user agent
        $key = $this->getAuthToken($userEntity->getUsername(), $tokenEntity->getSalt());
        if ($key === $tokenEntity->getToken()) {
            return true;
        }
        // Audit the failure
        $event = new AccessControlEvent($this->requestStack->getCurrentRequest());
        /** @var Token\Token $sessionAuth */
        $sessionAuth = $this->session->get('authentication');
        $userName = $sessionAuth ? $sessionAuth->getToken()->getUsername() : null;
        $event->setUserName($userName);
        $this->dispatcher->dispatch(AccessControlEvents::ACCESS_CHECK_FAILURE, $event->setReason(AccessControlEvents::FAILURE_INVALID));
        $this->systemLogger->error("Invalidating session: Recalculated session token '{$key}' doesn't match user provided token '" . $tokenEntity->getToken() . "'", ['event' => 'authentication']);
        $this->systemLogger->info("Automatically logged out user '" . $userEntity->getUsername() . "': Session data didn't match.", ['event' => 'authentication']);
        return false;
    }
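
The same device-binding check as a stand-alone sketch, added here as an illustration and not taken from Bolt: it compares tokens with hash_equals() and logs only a digest prefix instead of the token values. The function names, the HMAC derivation, the server key and the sample data are all assumptions made for the example.

```php
<?php
// Added illustration; not Bolt's implementation. All names here are hypothetical.

/** Derive a token bound to the user and the device attributes seen at login. */
function deviceBoundToken(string $serverKey, string $username, string $salt, string $ip, ?string $userAgent): string
{
    // Length-prefix each field so "ab"+"c" and "a"+"bc" cannot collide.
    $fields = [$username, $salt, $ip, $userAgent ?? ''];
    $material = '';
    foreach ($fields as $field) {
        $material .= strlen($field) . ':' . $field;
    }
    return hash_hmac('sha256', $material, $serverKey);
}

/** Recompute the token for the current request and compare it with the stored one. */
function checkSessionKeys(string $serverKey, array $stored, array $request, bool $bindUserAgent): bool
{
    $expected = deviceBoundToken(
        $serverKey,
        $stored['username'],
        $stored['salt'],
        $request['ip'],
        $bindUserAgent ? $request['user_agent'] : null
    );
    // hash_equals() takes the same time wherever the first mismatch occurs.
    if (hash_equals($expected, $stored['token'])) {
        return true;
    }
    // Record only a short digest prefix, never the token itself.
    error_log(sprintf(
        "Invalidating session for '%s': token mismatch (expected #%s, stored #%s)",
        $stored['username'],
        substr(hash('sha256', $expected), 0, 8),
        substr(hash('sha256', $stored['token']), 0, 8)
    ));
    return false;
}

// Constructed sample data: a session created from one address, replayed from another.
$key = 'constructed-server-key';
$login = ['ip' => '192.0.2.10', 'user_agent' => 'ExampleBrowser/1.0'];
$stored = ['username' => 'editor', 'salt' => 'c0ffee'];
$stored['token'] = deviceBoundToken($key, 'editor', 'c0ffee', $login['ip'], $login['user_agent']);

var_dump(checkSessionKeys($key, $stored, $login, true));                            // same device
var_dump(checkSessionKeys($key, $stored, ['ip' => '198.51.100.7'] + $login, true)); // different IP
```

Binding to the client IP invalidates sessions for users whose address changes mid-session (mobile networks, some proxies), which is why checks like this are usually configurable.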