Adding Remember Me

Keep on Learning!

If you liked what you've learned so far, dive in!
Subscribe to get access to this tutorial plus
video, code and script downloads.

Start your All-Access Pass
Buy just this tutorial for $12.00

With a Subscription, click any sentence in the script to jump to that part of the video!

Login Subscribe

Go back to the HTML form: it has one other field that we haven't talked about yet: the "remember me" checkbox:

... lines 1 - 10
{% block body %}
<form class="form-signin" method="post">
... lines 13 - 26
<div class="checkbox mb-3">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
</div>
... lines 32 - 34
</form>
{% endblock %}

You could check & uncheck this to your heart's delight: that works great. But... checking it does... nothing. No worries: making this actually work is super easy - just two steps.

First, make sure that your checkbox has no value and that its name is _remember_me:

... lines 1 - 10
{% block body %}
<form class="form-signin" method="post">
... lines 13 - 26
<div class="checkbox mb-3">
<label>
<input type="checkbox" name="_remember_me"> Remember me
</label>
</div>
... lines 32 - 34
</form>
{% endblock %}

That's the magic name that Symfony will look for. Second, in security.yaml, under your firewall, add a new remember_me section. Add two other keys below this. The first is required: secret set to %kernel.secret%:

security:
... lines 2 - 8
firewalls:
... lines 10 - 12
main:
... lines 14 - 22
remember_me:
secret: '%kernel.secret%'
... lines 25 - 40

Second, lifetime set to 2592000, which is 30 days in seconds:

security:
... lines 2 - 8
firewalls:
... lines 10 - 12
main:
... lines 14 - 22
remember_me:
secret: '%kernel.secret%'
lifetime: 2592000 # 30 days in seconds
... lines 26 - 40

This option is... optional - it defaults to one year.

More about Parameters

As soon as you add this key, if the user checks a checkbox whose name is _remember_me, then a "remember me" cookie will be instantly set and used to log in the user if their session expires. This secret option is a cryptographic secret that's used to sign the data in that cookie. If you ever need a cryptographic secret, Symfony has a parameter called kernel.secret. Remember: anything surrounded by percent signs is a parameter. We never created this parameter directly: this is one of those built-in parameters that Symfony always makes available.

To see a list of all of the parameters, don't forget this handy command:

php bin/console debug:container --parameters

The most important ones start with kernel. Check out kernel.secret. Interesting, it's set to %env(APP_SECRET)%. This means that it's set to the environment variable APP_SECRET. That's one of the variables that's configured in our .env file.

Anyways, let's try this out! I'll re-open my inspector and refresh the login page. Go to Application, Cookies. Right now, there is only one: PHPSESSID.

This time, check the "remember me" box and log in. Now we also have a REMEMBERME cookie! And, check this out: I'm logged in as spacebar1@example.com. Delete the PHPSESSID - it currently starts with q3 - and refresh. Yes! We are still logged in!

A totally new session was created - with a new id. But even though this new session is empty, the remember me cookie causes us to stay logged in. You can even see that there's a new Token class called RememberMeToken. That's a low-level detail, but, it's a nice way to prove that this just worked.

Next - we've happily existed so far without storing or checking user passwords. Time to change that!

Leave a comment!

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": "^7.1.3",
        "ext-iconv": "*",
        "composer/package-versions-deprecated": "^1.11", // 1.11.99
        "knplabs/knp-markdown-bundle": "^1.7", // 1.7.0
        "knplabs/knp-paginator-bundle": "^2.7", // v2.8.0
        "knplabs/knp-time-bundle": "^1.8", // 1.8.0
        "nexylan/slack-bundle": "^2.0,<2.2.0", // v2.0.0
        "php-http/guzzle6-adapter": "^1.1", // v1.1.1
        "sensio/framework-extra-bundle": "^5.1", // v5.2.0
        "stof/doctrine-extensions-bundle": "^1.3", // v1.3.0
        "symfony/asset": "^4.0", // v4.1.4
        "symfony/console": "^4.0", // v4.1.4
        "symfony/flex": "^1.0", // v1.9.10
        "symfony/framework-bundle": "^4.0", // v4.1.4
        "symfony/lts": "^4@dev", // dev-master
        "symfony/orm-pack": "^1.0", // v1.0.6
        "symfony/security-bundle": "^4.0", // v4.1.4
        "symfony/serializer-pack": "^1.0", // v1.0.1
        "symfony/twig-bundle": "^4.0", // v4.1.4
        "symfony/web-server-bundle": "^4.0", // v4.1.4
        "symfony/yaml": "^4.0", // v4.1.4
        "twig/extensions": "^1.5" // v1.5.2
    },
    "require-dev": {
        "doctrine/doctrine-fixtures-bundle": "^3.0", // 3.0.2
        "easycorp/easy-log-handler": "^1.0.2", // v1.0.7
        "fzaninotto/faker": "^1.7", // v1.8.0
        "symfony/debug-bundle": "^3.3|^4.0", // v4.1.4
        "symfony/dotenv": "^4.0", // v4.1.4
        "symfony/maker-bundle": "^1.0", // v1.7.0
        "symfony/monolog-bundle": "^3.0", // v3.3.0
        "symfony/phpunit-bridge": "^3.3|^4.0", // v4.1.4
        "symfony/profiler-pack": "^1.0", // v1.0.3
        "symfony/var-dumper": "^3.3|^4.0" // v4.1.4
    }
}