New in Symfony 6.4: Impersonation Utilities
Contributed by
Phil E. Taylor
and Alexandre Daubois
in #50030
and #51804.
User impersonation is a popular Symfony security feature that allows you to
log in in the application as another user without knowing their credentials. It’s
mostly useful to debug issues reported by your customers that you can’t reproduce
with your own user.
Symfony provides some Twig functions to ease working with user impersonation:
impersonation_exit_path() and impersonation_exit_url(). These functions
generate the relative and absolute URL that you need to browse to exit or stop
the impersonation and return back to your own user.
In Symfony 6.4 we’re adding new Twig functions related to impersonation.
They are called impersonation_path() and impersonation_url() and they
generate the relative/absolute URL needed to impersonate a user:
{# e.g. add this in the profile page of a user in the backend #}
<a href=„{{ impersonation_path(customer.username) }}„>Impersonate {{ customer.name }}</a>
{# e.g. add this in the emails sent by your customer support service #}
<a href=„{{ impersonation_url(customer.username) }}„>Impersonate {{ customer.name }}</a>
Using these functions is more future-proof than generating the paths/URLs manually,
because the query string parameter included in them is a „magic string“ that is
configurable in the application.
Symfony Blog