On 03/03/2011 12:57, Marc Cerrato wrote:
Hi there,

I have been trying to use the remember_me option when authenticating a
user (form_login authentication). Everything seems to work since the
response header includes a 'set-cookie' with the corresponding
REMEMBERME cookie, but it doesn't appear anymore in the next requests
(it only appears the _SESS cookie: the one set by Symfony2 to persist
the security context of the user).

Here you can see my login form:
-------------------------------
<form action="{{ path("_security_check") }}" method="post">
     <label for="username">Username:</label>
     <input type="text" id="username" name="_username" value="{{ last_username }}" />

     <label for="password">Password:</label>
     <input type="password" id="password" name="_password" />

     <input type="checkbox" id="remember_me" name="_remember_me" checked />
     <label for="remember_me">Keep me logged in</label>

     <input type="submit" name="login" value="Login!"/>
</form>
-------------------------------

And my security configuration:
-------------------------------
# Security Configuration
security:
     encoders:
         Symfony\Component\Security\Core\User\AccountInterface: sha512
     providers:
         entity:
             entity: { class: UserBundle:User, property: username }
     firewalls:
         main:
             pattern:    ^.*$
             http_basic: true
             form_login:
                 login_path:           /login
                 check_path:           /login-check
                 default_target_path:  /member
                 remember_me:          true
             anonymous: true
             logout:
                 target:             /login
                 invalidate_session: true
             remember_me:
                 key:      someS3cretKey
                 lifetime: 3600
                 path:     /
                 domain:   localhost
     access_control:
         - { path: /member, role: IS_AUTHENTICATED_FULLY }
         - { path: /user/edit.*, role: IS_AUTHENTICATED_FULLY }
         - { path: /.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
-------------------------------

Why isn't it working properly? Any kind of help will be appreciated!

Regards,
Marc Cerrato

The issue is simple: a remembered user does not have the IS_AUTHENTICATED_FULLY role but only IS_AUTHENTICATED_REMEMBERED, to make a difference between a remembered user and a user who logged in.

Regards

--
Christophe | Stof
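
The distinction described in the reply above, applied to the `access_control` section from the question. This is an added example, not part of the original thread; which paths may accept a remembered session and which need a fresh login is an assumption made here for illustration.

```yaml
# Added example, not from the original thread.
# Assumption: /member is acceptable for a remember-me session, while
# /user/edit changes account data and should require a fresh login.
security:
    access_control:
        # Granted to users restored from the REMEMBERME cookie and to
        # users who logged in through the form in this session.
        - { path: /member, role: IS_AUTHENTICATED_REMEMBERED }
        # Granted only to users who logged in during the current session;
        # a remembered user is sent back to the login form here.
        - { path: /user/edit.*, role: IS_AUTHENTICATED_FULLY }
        # Granted to everyone, including anonymous visitors.
        - { path: /.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
```

Keeping IS_AUTHENTICATED_FULLY on the account-editing path means a stolen or long-lived REMEMBERME cookie alone is not enough to change account data.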
