Hi all, I have a bit of an oddity with the remember me implementation.
I've configured it based on the cookbook entry:
http://symfony.com/doc/current/cookbook/security/remember_me.html

And I have the cookie lifetime set to 20 days.

On login the cookie is set correctly, and if I let my session expire, then proceed to a secure page the remember me process runs (I can trace that through the framework, the listener, factory, service, the user provider etc).

If the page I access returns a successful response, i.e. the user does have access, then it appears to work fine. However, if the page I access does not grant access then the login page is presented, rather than the access denied page.

I would expect that once remember me has been processed, and the user is authenticated, that if the page they access is denied, they are still logged in, but just have access to that page denied.

I'm not making any checks on this page regarding fully authenticated, just a simple role check, and if not present (which it isn't) then I

    throw new AccessDeniedException('You do not have permission to edit this Item');

If I am logged in normally and access that page, I see the page (in dev) that you would expect containing the stack trace with that exception and message.

Think this may be an issue rather than with implementation, can anyone confirm this?

Many thanks,
Chris
