Remember me doesn't work in Firefox, IE8, Opera and Chrome.
On 22 Cze, 12:50, Sid Bachtiar <[email protected]> wrote:
> If you are using Firefox then check the Firefox settings. Make sure
> session is not made expired on closing the browser.
>
>
>
> On Mon, Jun 22, 2009 at 10:45 PM, dziobacz<[email protected]> wrote:
>
> > But checked 'remember me' checkbox doesn't work.
>
> > On 22 Cze, 12:30, Sid Bachtiar <[email protected]> wrote:
> >> But I think there is a 'remember me' checkbox option that warns them about
> >> it.
>
> >> It is a dangerous arrangement, so you need to be very careful here.
>
> >> On Mon, Jun 22, 2009 at 10:25 PM, dziobacz<[email protected]> wrote:
>
> >> > But in 99% forums user is still loged on after closed and opened
> >> > browser. For example here:http://www.dbforums.com/Sothis solution
> >> > is normal and very popular.
>
> >> > I think I have found a solution:
>
> >> > user:
> >> > class: myUser
> >> > param:
> >> > timeout: 2592000
>
> >> > storage:
> >> > class: sfSessionStorage
> >> > param:
> >> > session_cookie_lifetime: 2592000
>
> >> > timeout and session_cookie_lifetime must be exacly the same because
> >> > Symfony takes minimum from timeout and session_cookie_lifetime.
>
> >> > On 22 Cze, 12:09, Gareth McCumskey <[email protected]> wrote:
> >> >> Here's an example scenario. Your user goes to an Internet cafe. He logs
> >> >> into
> >> >> your web application and does what he wants to do then closes the
> >> >> browser
> >> >> (without logging out first) then walks out the door. If the session was
> >> >> not
> >> >> killed on browser exit then the next person that comes along and opens
> >> >> the
> >> >> browser and views the history or if the browser was setup to keep tabs
> >> >> open,
> >> >> they can then access your users account.
>
> >> >> Work with the assumption that the browser exit will always kill the
> >> >> session.
> >> >> It is by far a better security arrangement.
>
> >> >> On Mon, Jun 22, 2009 at 11:45 AM, Sid Bachtiar
> >> >> <[email protected]>wrote:
>
> >> >> > Hi,
>
> >> >> > That's just how browser usually setup, to kill session when it is
> >> >> > closed.
>
> >> >> > The timeout is for if user has the browser window opened, but inactive
> >> >> > (e.g.: not making any request to server) for x amount of time.
>
> >> >> > You need to think about the security aspect when setting the timeout.
> >> >> > The longer the timeout, the more chance of your user forgot to logout
> >> >> > and someone else using their account.
>
> >> >> > On Mon, Jun 22, 2009 at 8:59 PM, dziobacz<[email protected]>
> >> >> > wrote:
>
> >> >> > > User should be log in 30 days = 2592000 seconds. In factories.yml I
> >> >> > > have:
> >> >> > > all:
> >> >> > > user:
> >> >> > > class: myUser
> >> >> > > param:
> >> >> > > timeout: 2592000
>
> >> >> > > But after closed browser user is log out and he must log in again,
> >> >> > > why ? What should I do ?
>
> >> >> > --
> >> >> > Blue Horn Ltd - System Development
> >> >> >http://bluehorn.co.nz
>
> >> >> --
> >> >> Gareth McCumskeyhttp://garethmccumskey.blogspot.com
> >> >> twitter: @garethmcc
>
> >> --
> >> Blue Horn Ltd - System Developmenthttp://bluehorn.co.nz
>
> --
> Blue Horn Ltd - System Developmenthttp://bluehorn.co.nz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
