0

I try to set the remember me functionnality in Symfony 5. When the checkbox isn't checked and logging in, the user is still connected after reopenning the browser.

Here is my config (security.yaml) :

security:
#(...)
    firewalls:
#(...)
        main:
#(...)
            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 31536000 # 365 days in seconds (default)
                path:     /
                # by default, the feature is enabled by checking a
                # checkbox in the login form (see below), uncomment the
                # following line to always enable it.
                #always_remember_me: true

            form_login:
                login_path: login
                check_path: login
                use_referer: true
                default_target_path: welcome_locale
#(...)

And here is my login checkbox:

<label>
    <input type="checkbox" id="remember_me" name="_remember_me" value="remember-me" checked> Remember me</label>

Am I missing something ?

yivi
  • 42,438
  • 18
  • 116
  • 138
evolmind
  • 359
  • 1
  • 10
  • 30
  • I want when the checkbox **isn't checked** (remember me disabled) that user logs out when closing browser. – evolmind Mar 31 '20 at 13:56

1 Answers1

1

The remember_me config option isn't used for that purpose. As said in the doc:

Once a user is authenticated, their credentials are typically stored in the session. This means that when the session ends they will be logged out and have to provide their login details again next time they wish to access the application. You can allow users to choose to stay logged in for longer than the session lasts using a cookie with the remember_me firewall option

It just says that the session will last longer than the normal session variable by using a cookie.

By default the session isn't destroyed when you close the browser.

In this two posts you can find more info on how to do something like that in PHP which may help you solve it.

Post1

Post2

alexcm
  • 171
  • 1
  • 4
  • 12