@@ -3,50 +3,53 @@ How to add "Remember Me" Login Functionality
33
44Once a user is authenticated, their credentials are typically stored in the
55session. This means that when the session ends they will be logged out and
6- have to provide their login details again next time they wish to access the
7- application. You can allow users to choose to stay logged in for longer than
8- the session lasts using a cookie with the ``remember_me `` firewall option.
9- The firewall needs to have a secret key configured, which is used to encrypt
10- the cookie's content. It also has several options with default values which
6+ have to provide their login details again next time they wish to access the
7+ application. You can allow users to choose to stay logged in for longer than
8+ the session lasts using a cookie with the ``remember_me `` firewall option.
9+ The firewall needs to have a secret key configured, which is used to encrypt
10+ the cookie's content. It also has several options with default values which
1111are shown here:
1212
1313.. configuration-block ::
1414
1515 .. code-block :: yaml
1616
1717 # app/config/security.yml
18+
1819 firewalls :
1920 main :
2021 remember_me :
21- key : aSecretKey
22+ key : %secret%
2223 lifetime : 3600
2324 path : /
2425 domain : ~ # Defaults to the current domain from $_SERVER
2526
2627code-block :: xml
2728
2829 <!-- app/config/security.xml -->
30+
2931 <config >
3032 <firewall >
3133 <remember-me
32- key = " aSecretKey "
33- lifetime = " 3600"
34- path = " /"
35- domain = " "
34+ key = " %secret% "
35+ lifetime = " 3600"
36+ path = " /"
37+ domain = " "
3638 />
3739 </firewall >
3840 </config >
3941
4042code-block :: php
4143
4244 // app/config/security.php
45+
4346 $container->loadFromExtension('security', array(
4447 'firewalls' => array(
4548 'main' => array('remember_me' => array(
46- 'key' => 'aSecretKey ',
47- 'lifetime' => 3600,
48- 'path' => '/',
49- 'domain' => '', // Defaults to the current domain from $_SERVER
49+ 'key' => '%secret% ',
50+ 'lifetime' => 3600,
51+ 'path' => '/',
52+ 'domain' => '', // Defaults to the current domain from $_SERVER
5053 )),
5154 ),
5255 ));
@@ -89,7 +92,7 @@ might ultimately look like this:
8992
9093 <form action="<?php echo $view['router']->generate('login_check') ?>" method="post">
9194 <label for="username">Username:</label>
92- <input type="text" id="username"
95+ <input type="text" id="username"
9396 name="_username" value="<?php echo $last_username ?>" />
9497
9598 <label for="password">Password:</label>
@@ -117,12 +120,12 @@ before accessing certain resources. For example, you might allow a "remember me"
117120user to see basic account information, but then require them to actually
118121re-authenticate before modifying that information.
119122
120- The security component provides an easy way to do this. In addition to roles
123+ The security component provides an easy way to do this. In addition to roles
121124explicitly assigned to them, users are automatically given one of the following
122125roles depending on how they are authenticated:
123126
124- * ``IS_AUTHENTICATED_ANONYMOUSLY `` - automatically assigned to a user who is
125- in a firewall protected part of the site but who has not actually logged in.
127+ * ``IS_AUTHENTICATED_ANONYMOUSLY `` - automatically assigned to a user who is
128+ in a firewall protected part of the site but who has not actually logged in.
126129 This is only possible if anonymous access has been allowed.
127130
128131* ``IS_AUTHENTICATED_REMEMBERED `` - automatically assigned to a user who
@@ -140,14 +143,14 @@ You can use these to control access beyond the explicitly assigned roles.
140143 role, then you also have the other two roles. In other words, these roles
141144 represent three levels of increasing "strength" of authentication.
142145
143- You can use these additional roles for finer grained control over access to
144- parts of a site. For example, you may want you user to be able to view their
145- account at ``/account `` when authenticated by cookie but to have to provide
146+ You can use these additional roles for finer grained control over access to
147+ parts of a site. For example, you may want you user to be able to view their
148+ account at ``/account `` when authenticated by cookie but to have to provide
146149their login details to be able to edit the account details. You can do this
147150by securing specific controller actions using these roles. The edit action
148- in the controller could be secured using the service context.
151+ in the controller could be secured using the service context.
149152
150- In the following example, the action is only allowed if the user has the
153+ In the following example, the action is only allowed if the user has the
151154``IS_AUTHENTICATED_FULLY `` role.
152155
153 156.. code-block :: php
@@ -186,10 +189,10 @@ which can secure your controller using annotations:
186189 If you also had an access control in your security configuration that
187190 required the user to have a ``ROLE_USER `` role in order to access any
188191 of the account area, then you'd have the following situation:
189-
192+
190193 * If a non-authenticated (or anonymously authenticated user) tries to
191194 access the account area, the user will be asked to authenticate.
192-
195+
193196 * Once the user has entered his username and password, assuming the
194197 user receives the ``ROLE_USER `` role per your configuration, the user
195198 will have the ``IS_AUTHENTICATED_FULLY `` role and be able to access
0 commit comments