4

I'm currently trying to implement the remember me functionality in a Symfony2 project following this guide: http://symfony.com/doc/master/cookbook/security/remember_me.html (I'm currently developing locally).

So my current configuration in the security.yml is:

        form_login:
            [...]
            remember_me: true

        remember_me:
            key:      secretKey
            lifetime: 31536000 # 365 days in seconds
            path:     /
            domain:   localhost # Defaults to the current domain from $_SERVER

        access_control:
            - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin, role: [IS_AUTHENTICATED_REMEMBERED, ROLE_ADMIN] }

The "REMEMBERME" cookie is created at login and it's still present after I close the browser window. When I open the browser again the cookie is still there, but it gets deleted when I try to access the /admin path and then I get redirected to the login page.

I can't really get my head around this... has anybody encountered problems like this?

Thanks

user1533286
  • look http://stackoverflow.com/questions/8649398/fosuserbundle-and-remember-me – websky Dec 31 '14 at 14:48
  • Follow this link: http://stackoverflow.com/a/35655301/5986662 Maybe that can help you. Regards – acr30 Feb 26 '16 at 15:18

1 Answer

4

Maybe there is another rule matched in your access_control.

From here: http://symfony.com/doc/current/book/security.html#securing-url-patterns-access-control

You can define as many URL patterns as you need - each is a regular expression. BUT, only one will be matched...

Also read this: http://symfony.com/doc/current/cookbook/security/access_control.html

Basic solution

The "Remember me" function in FOSUserBundle 1.3.5 (with Symfony 2.6) works for me. I just want to be logged in on my page (see user name, picture ...) after the browser was closed.

There is a difference between 'IS_AUTHENTICATED_FULLY' and 'IS_AUTHENTICATED_REMEMBERED'.

In my twig:

    {% if is_granted('IS_AUTHENTICATED_REMEMBERED') %}
    ...
    {% endif %}

In my security.yml I used the default configuration from the Symfony Cookbook (How to Add "Remember Me" Login Functionality). Otherwise it is the plain security.yml from the FOSUserBundle GitHub documentation.

    # app/config/security.yml
    security:
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username

        encoders:
            FOS\UserBundle\Model\UserInterface: sha512

        firewalls:
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                logout:       true
                anonymous:    true
                remember_me:
                    key:      "%secret%"
                    lifetime: 31536000 # 365 days in seconds
                    path:     /
                    domain:   ~ # Defaults to the current domain from $_SERVER
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false

        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }

        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN

P.S. I have to clear:cache to have it work in IE11.

Jirik
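To check which access_control rule a given URL actually falls under, as the answer suggests, here is an added example (not part of either post and not Symfony's own code) that models first-match path matching over the two rule lists on this page. The function name, the sample paths and the restriction to path-only matching are assumptions of this example.

```php
<?php
// Added illustration, not Symfony's own code: a simplified model of
// access_control matching that looks at the path only (no host, IP or method).

/** Return [index, rule] of the first rule whose path regex matches, or null. */
function firstMatchingRule(array $rules, string $path): ?array
{
    foreach ($rules as $i => $rule) {
        // Assumption: the pattern is applied as an unanchored regex with { } delimiters
        if (preg_match('{' . $rule['path'] . '}', rawurldecode($path)) === 1) {
            return [$i, $rule];   // first match wins; later rules are never consulted
        }
    }
    return null;                  // no rule matched: access_control requires nothing here
}

// Rules copied from the question's security.yml
$question = [
    ['path' => '^/admin/login$',       'role' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/admin/login-check$', 'role' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/admin',              'role' => ['IS_AUTHENTICATED_REMEMBERED', 'ROLE_ADMIN']],
];
// Rules copied from the answer's security.yml
$answer = [
    ['path' => '^/login$',    'role' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/register',  'role' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/resetting', 'role' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/admin/',    'role' => ['ROLE_ADMIN']],
];
// Constructed sample paths to audit
$paths = ['/admin', '/admin/', '/admin/login', '/admin/login-check', '/admin/users', '/login', '/registerx'];

foreach (['question' => $question, 'answer' => $answer] as $name => $rules) {
    echo "== $name ==\n";
    foreach ($paths as $path) {
        $hit = firstMatchingRule($rules, $path);
        $desc = $hit === null
            ? 'NO RULE (no role required by access_control)'
            : sprintf('rule #%d %s => %s', $hit[0] + 1, $hit[1]['path'], implode(', ', $hit[1]['role']));
        printf("%-20s %s\n", $path, $desc);
    }
}
```

Run against the answer's rules, `/admin` without a trailing slash matches no rule because the pattern is `^/admin/`, while the question's `^/admin` covers it; unanchored prefixes such as `^/register` also match longer paths like `/registerx`.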