Symfony provides a simple way of preventing users from logging in using the
isEnabled property if the user class implements
However, if the user is logged in nothing will prevent them from accessing the website until their session expires.
The idea would be to check the
isEnabled property upon getting the user entity (
$this->get('security.token_storage')->getToken()->getUser()) and to invalidate the session then. What is the preferred way of doing so?
Or is there a better way to achieve this goal?