Remember Me functionality not working in Symfony2
I have implemented remember me functionality in Symfony2. When I log in with remember me box checked, cookie named "REMEMBERME" gets created. That cookie is also available if I close browser and open it after many hours. But when I load home page of my application, the cookie gets automatically deleted and I see no user logged in. Can anyon开发者_运维问答e explain me the reason for cookie deletion?
remember_me:
key: qwerty
lifetime: 604800
path: /
domain: ~
This is my security.yml file section
EDIT: I have still not found the solution to this question...
EDIT2: Now got new problem. The REMEMBERME cookie does not get set at all. How to solve this??
SOLVED: see answer below
Although this question has already been answered, I would like to contribute a possible solution, if only for posterity and Google search referrals for this problem :)
"The issue is simple: a remembered used does not have the IS_AUTHENTICATED_FULLY role but only IS_AUTHENTICATED_REMEMBERED to make a difference between a remembered user and a user who logged in"
Source: http://www.mail-archive.com/symfony-users@googlegroups.com/msg34021.html
What this means is that in your security configuration, you must make sure that for every ACL entry the IS_AUTHENTICATED_REMEMBERED role is configured in addition to the IS_AUTHENTICATED_FULLY role.
For example:
#app/config/security.yml
security:
...
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: [IS_AUTHENTICATED_FULLY,IS_AUTHENTICATED_REMEMBERED] }
John.
I've the same issue as you do (or did), what I've found is that when I am (Symfony2 actually =) ) setting REMEMBERME cookie on line 101 at /vendor/symfony/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeService.php file $user->getPassword() returns NULL, so cookie gets hash calculated with NULL password value.
What happening next, is when you returning to your site being fully confident that you will be automatically authenticated, Symfony begins to check your cookie at the same file as above but on line 58 it founds that cookie hash is not the same as it expects and throws an exception('The cookie\'s hash is invalid.') internally catches it and proceeds somewhere.
So that is the case why in my case cookie doesn't work.
I haven't found a solution yet, but I will dig for it and may be I'm lucky.
Hope your issue is the same and solution will help us both.
The Solution:
When implementing eraseCredentials() which claims to be used to erase user sensitive data from UserInterface do not perform $this->password = null. I've made this mistake because I haven't being understanding its purpose. You can take a glance at Symfony 2 Logout (UserInterface::eraseCredentials) for a little bit of explanation. So it serializes token object and we are in trouble.
I had this problem and the issue was that I did not use single quotation marks in the property key of remember_me section (security.yml).
Change this:
remember_me: key: qwerty lifetime: 604800 path: / domain: ~
to this:
remember_me: key: 'qwerty' lifetime: 604800 path: / domain: ~
You can check it in the symfony documentation:
http://symfony.com/doc/2.7/cookbook/security/remember_me.html
try to increase your session lifetime: (config.yml)
framework:
session:
default_locale: %locale%
auto_start: true
lifetime: 604800
In my case it was a wrong implementation of the supportsClass method of my userProvider, which in turn caused an exception in the TokenBasedRememberMeService class on line 43 (thrown by getUserProvider, and catched elsewhere, thus failing silently). Digging in the path shown by Dmitry made me solve the issue.
In my case I have implemented a custom Login Handler which was returning a RedirectResponse
as per documentation. It turns out that that makes Symfony to bypass the standard login routine, and causing the REMEMBERME
cookie not been created/stored.
I had to remove the Login Handler, implement a custom Login Listener with all needed logic.
You can see how to implement a Login Listener here
You should also make sure your "remember_me" input in the login form does not have the value attribute:
This is correct:
<input type="checkbox" id="remember_me" name="_remember_me" />
But this will not work:
<input type="checkbox" id="remember_me" name="_remember_me" value="" />
If you are using form_login, check also that remember_me is enabled in security.yml:
firewalls:
main:
form_login:
# ...
remember_me: true
I had the same issue. After investigation I found that :
/vendor/symfony/doctrine-bridge/Security/User/EntityUserProvider.php::loadUserByUsername()
requires to either have set the property
field on your entity user provider or that your repository implements Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface
and has a method loadUserByUsername()
.
I just added the property field like so :
providers:
user_provider:
entity:
class: App\Entity\User
property: email
I'm using Symfony 4 and I had a similar problem, the REMEMBERME
cookies was not set.
My issue was that I had a value=""
set to the input type checkbox field.
So I changed from this
<input type="checkbox" value="" id="remember_me" name="_remember_me">
to this
<input type="checkbox" id="remember_me" name="_remember_me">
In my case, the authenticators was overided with the method supportsRememberMe:
public function supportsRememberMe()
{
return true; // change it to true
}
精彩评论