Chapters
47 Chapters
|
4:41:51
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
¡Este tutorial también funciona muy bien para Symfony 6!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"babdev/pagerfanta-bundle": "^3.3", // v3.3.0
"composer/package-versions-deprecated": "^1.11", // 1.11.99.4
"doctrine/annotations": "^1.0", // 1.13.2
"doctrine/doctrine-bundle": "^2.1", // 2.6.3
"doctrine/doctrine-migrations-bundle": "^3.0", // 3.1.1
"doctrine/orm": "^2.7", // 2.10.1
"knplabs/knp-markdown-bundle": "^1.8", // 1.9.0
"knplabs/knp-time-bundle": "^1.11", // v1.16.1
"pagerfanta/doctrine-orm-adapter": "^3.3", // v3.3.0
"pagerfanta/twig": "^3.3", // v3.3.0
"phpdocumentor/reflection-docblock": "^5.2", // 5.2.2
"scheb/2fa-bundle": "^5.12", // v5.12.1
"scheb/2fa-qr-code": "^5.12", // v5.12.1
"scheb/2fa-totp": "^5.12", // v5.12.1
"sensio/framework-extra-bundle": "^6.0", // v6.2.0
"stof/doctrine-extensions-bundle": "^1.4", // v1.6.0
"symfony/asset": "5.3.*", // v5.3.4
"symfony/console": "5.3.*", // v5.3.7
"symfony/dotenv": "5.3.*", // v5.3.8
"symfony/flex": "^1.3.1", // v1.21.6
"symfony/form": "5.3.*", // v5.3.8
"symfony/framework-bundle": "5.3.*", // v5.3.8
"symfony/monolog-bundle": "^3.0", // v3.7.0
"symfony/property-access": "5.3.*", // v5.3.8
"symfony/property-info": "5.3.*", // v5.3.8
"symfony/rate-limiter": "5.3.*", // v5.3.4
"symfony/runtime": "5.3.*", // v5.3.4
"symfony/security-bundle": "5.3.*", // v5.3.8
"symfony/serializer": "5.3.*", // v5.3.8
"symfony/stopwatch": "5.3.*", // v5.3.4
"symfony/twig-bundle": "5.3.*", // v5.3.4
"symfony/ux-chartjs": "^1.3", // v1.3.0
"symfony/validator": "5.3.*", // v5.3.8
"symfony/webpack-encore-bundle": "^1.7", // v1.12.0
"symfony/yaml": "5.3.*", // v5.3.6
"symfonycasts/verify-email-bundle": "^1.5", // v1.5.0
"twig/extra-bundle": "^2.12|^3.0", // v3.3.3
"twig/string-extra": "^3.3", // v3.3.3
"twig/twig": "^2.12|^3.0" // v3.3.3
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.3", // 3.4.0
"symfony/debug-bundle": "5.3.*", // v5.3.4
"symfony/maker-bundle": "^1.15", // v1.34.0
"symfony/var-dumper": "5.3.*", // v5.3.8
"symfony/web-profiler-bundle": "5.3.*", // v5.3.8
"zenstruck/foundry": "^1.1" // v1.13.3
}
}
5 Comments
Question: Where can we see / config how long the REMEMBERME cookie is valid? And - what is a good duration?
Hey @skipper-henrik,
You can run
bin/console debug:config security firewallsand under your firewall name (probablymain), find theremember_me.lifetimevalue. It's in seconds and defaults to a year. You can adjust it inconfig/packages/security.yaml. Undersecret: ..., addlifetime: ....Since the default is a year, I'm guessing some thought went into that value as being a good default. Just make sure sensitive areas like "changing your password" are protected by
IS_AUTHENTICATED_FULLYto force a re-login before accessing (chapter 23 discusses this in more detail).--Kevin
Hi! Seems like it's been even more simplified with sym 5.4, using the main: form_login authenticator all I needed to do was add the checkbox to the view, name it _remember_me like you explained, and symfony picks it right up.
A question though - how can I set the cookie to httpOnly:false? I make som asynchronous requests (jQuery ajax) for which this cookie is not valid, so parts of my site still works, while other parts (built on ajax requests) tell the user "you are not logged in".
Hmm... I found the setting, so I set my cookie REMEMBERME to
httponly: false(under remember_me in thesecurity.yaml), but the behavior was still present, so apparently it wasn't caused by that setting. I kept digging and realized that I was testing the authenticated status withif ($this->isGranted('IS_AUTHENTICATED_FULLY')which returns false if you are logged in through a cookie. I changed it toif ($this->isGranted('IS_AUTHENTICATED_FULLY') || $this->isGranted('IS_AUTHENTICATED_REMEMBERED'))and it works like a charm, without lowering the bar by setting
httponly: false, I was out in left field there =)Hey Matt,
Good catch! I'm glad you were able to figure it out yourself. Yes, that
IS_AUTHENTICATED_FULLYignores the REMEMBER_ME cookies and looks only at the session - it's useful for some parts of your app where you want have extra security, e.g. the change password page. In this cases, even if the user is still authenticated via REMEMBER_ME - we still want user to log in fully first to be able to change their password.About that
if ($this->isGranted('IS_AUTHENTICATED_FULLY') || $this->isGranted('IS_AUTHENTICATED_REMEMBERED'))- it's redundant here to check for IS_AUTHENTICATED_FULLY, it's just enough to check for IS_AUTHENTICATED_REMEMBERED and that's it. I.e. you either check for IS_AUTHENTICATED_FULLY or IS_AUTHENTICATED_REMEMBERED, but checking both in the same if clause has no sense :)Cheers!
"Houston: no signs of life"
Start the conversation!