Below you will find pages that utilize the taxonomy term “Sessions”
Articles
read more
Symfony2: Security enhancements part II
Part II of this series is all about validating the user’s session. You can find Part I here, if you missed it.
Collect Failed Authentication Attempts
Now and then a user will forget his password and try a few times before going to the “reset password” page. However, when a “user” keeps trying to authenticate with bad credentials, you may be subject to a brute-force attack. Therefore, you should collect failed authentication attempts. Your strategy may then be to block the account until further notice, while providing the user with a way to re-activate his account. When authentication fails, an event is fired, which you may intercept by registering an event listener or subscriber: