
I'm using Symfony 2.7.6 and have configured the 'Remember Me' options as described in the documentation, on a form-based authentication system with a database backend. Everything works fine except the 'Remember Me' option.

I log in via the /login page and check 'Remember Me'; two cookies are created, a PHPSID and a REMEMBERME.

I close my browser and open the page again: a new PHP cookie is created, and REMEMBERME is still there. I am unauthenticated at this point, and when I review the profiler logs there is no mention of the cookie being found or read.

To get started with security, check out the documentation:

http://symfony.com/doc/current/book/security.html

# Security configuration: user provider, firewalls, access rules and password encoder.
# NOTE(review): as pasted, the sections below sit at column 0 instead of being nested
# under `security:` -- presumably indentation lost in the paste; confirm against the real file.
security:

# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
# Users are loaded from the AppBundle:User entity, looked up by their email property.
providers:
    db_provider:
        entity:
            class: AppBundle:User
            property: email

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    # No `pattern` is set on this firewall, so it is not limited to a URL prefix.
    main:
        anonymous: ~
        form_login:
            remember_me: true
            login_path: /login
            check_path: /login_check
            default_target_path: homepage
        logout:
            path:   /logout
            target: /
        remember_me:
            # NOTE(review): this key protects the integrity of the REMEMBERME cookie. A short
            # literal committed with the config (and now published) should be treated as
            # exposed: rotate it and use a long random value kept out of version control,
            # e.g. the application's "%secret%" parameter.
            key: "amsys_8222013"
            lifetime: 604800 # 1 week in seconds
            path: ~
            domain: ~
            # The cookie is issued on every successful login, whether or not the
            # 'Remember Me' checkbox was ticked.
            always_remember_me: true

        provider: db_provider

# Rules are checked top to bottom and the first rule whose path matches is the one applied.
access_control:
    # NOTE(review): the original comment here said "require ROLE_ADMIN for /admin*", but the
    # /admin rule below asks for ROLE_USER, and because `^/` is listed before it and matches
    # every URL, the `^/admin` rule is never reached. List specific paths before `^/` and
    # set the role that is actually intended for /admin.
    - {path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - {path: ^/, roles: ROLE_USER }
    - {path: ^/admin, roles: ROLE_USER }

# Passwords of AppBundle\Entity\User are hashed with bcrypt.
encoders:
    AppBundle\Entity\User:
        algorithm: bcrypt

SecurityController.php

<?php
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;

class SecurityController extends Controller
{
    /**
     * Displays the login form, pre-filled with the outcome of the previous attempt.
     *
     * The controller performs no credential check itself; it only reads the last
     * authentication error and the last submitted username from the
     * security.authentication_utils service and hands both to the template.
     *
     * @Route("/login", name="login_route")
     */
    public function loginAction(Request $request)
    {
        $authUtils = $this->get('security.authentication_utils');

        // Failure recorded for the previous login attempt, if there was one.
        $lastError = $authUtils->getLastAuthenticationError();

        // Username typed into the form on the previous attempt.
        $previousUsername = $authUtils->getLastUsername();

        // Both values are handed to the view as-is. The template is not shown here,
        // so this assumes it escapes them on output -- TODO confirm.
        $templateVars = array(
            'last_username' => $previousUsername,
            'error'         => $lastError,
        );

        return $this->render('security/login.html.twig', $templateVars);
    }

    /**
     * Placeholder action that only declares the /login_check route.
     *
     * @Route("/login_check", name="login_check")
     */
    public function loginCheckAction()
    {
        // Intentionally empty: the Security system handles this route
        // (it is the form_login check_path), so this body is not executed.
    }
}

I've been stuck for hours now and I have no idea where the issue is.

Tim D.
  • have you read [this answer](http://stackoverflow.com/a/9239842/5397119) ? – Sergio Ivanuzzo Nov 22 '15 at 19:49
  • and also [this](https://github.com/FriendsOfSymfony/FOSUserBundle/issues/1221) – Sergio Ivanuzzo Nov 22 '15 at 19:51
  • Unfortunately yes I did and they are of no help, I have no errors, no log entries and cookie gets created but is never read. Thank you though. – Tim D. Nov 22 '15 at 20:32
  • I've got a few questions to help me understand your problem better: (1) Does the Symfony toolbar show you as logged in? (2) What happens if you change the `path` entry to `path: /` and remove the `domain:` line (both under `main.remember_me` in your security file)? (3) Does it work if you replace `- {path: ^/, roles: ROLE_USER }` with `- {path: ^/, roles: IS_AUTHENTICATED_REMEMBERED }` in your firewall config? (4) Does adding `pattern: ^/` directly under the `main` entry in your firewall config help? – Sam Jan 13 '16 at 12:59
