On 03/03/2011 12:57, Marc Cerrato wrote:
Hi there,
I have been trying to use the remember_me option when authenticating a
user (form_login authentication). Everything seems to work since the
response header includes a 'set-cookie' with the corresponding
REMEMBERME cookie, but it doesn't appear anymore in the next requests
(only the _SESS cookie appears: the one set by Symfony2 to persist
the security context of the user).
Here you can see my login form:
-------------------------------
<form action="{{ path("_security_check") }}" method="post">
    <label for="username">Username:</label>
    <input type="text" id="username" name="_username" value="{{ last_username }}" />
    <label for="password">Password:</label>
    <input type="password" id="password" name="_password" />
    <input type="checkbox" id="remember_me" name="_remember_me" checked />
    <label for="remember_me">Keep me logged in</label>
    <input type="submit" name="login" value="Login!"/>
</form>
-------------------------------
And my security configuration:
-------------------------------
# Security Configuration
security:
    encoders:
        Symfony\Component\Security\Core\User\AccountInterface: sha512
    providers:
        entity:
            entity: { class: UserBundle:User, property: username }
    firewalls:
        main:
            pattern: ^.*$
            http_basic: true
            form_login:
                login_path: /login
                check_path: /login-check
                default_target_path: /member
                remember_me: true
            anonymous: true
            logout:
                target: /login
                invalidate_session: true
            remember_me:
                key: someS3cretKey
                lifetime: 3600
                path: /
                domain: localhost
    access_control:
        - { path: /member, role: IS_AUTHENTICATED_FULLY }
        - { path: /user/edit.*, role: IS_AUTHENTICATED_FULLY }
        - { path: /.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
-------------------------------
Why isn't it working properly? Any kind of help will be appreciated!
Regards,
Marc Cerrato
The issue is simple: a remembered user does not have the
IS_AUTHENTICATED_FULLY role but only IS_AUTHENTICATED_REMEMBERED, to make
a difference between a remembered user and a user who logged in.
Regards
--
Christophe | Stof
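
The access_control change that follows from this reply, as an added example that is not configuration posted in the thread. Which paths should still demand a fresh login is an assumption made here for illustration; the paths and role names are the ones from the question and the answer.

```yaml
# Added example, not from the original thread.
security:
    access_control:
        # Before (from the question): a user restored from the REMEMBERME
        # cookie only holds IS_AUTHENTICATED_REMEMBERED and fails this check.
        # - { path: /member, role: IS_AUTHENTICATED_FULLY }

        # Ordinary member area: accept remembered users. A user who logged
        # in through the form in this session also passes, because full
        # authentication implies the remembered level.
        - { path: /member, role: IS_AUTHENTICATED_REMEMBERED }

        # Sensitive area (assumption: account editing should require the
        # password to have been entered in the current session), so a
        # remember-me cookie alone is not enough here.
        - { path: /user/edit.*, role: IS_AUTHENTICATED_FULLY }

        # Everything else stays open to anonymous visitors.
        - { path: /.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
```

Keeping IS_AUTHENTICATED_FULLY on the sensitive paths means a stolen or long-lived REMEMBERME cookie grants access to the member area only, not to account changes.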