Chapters
-
Course Code
Subscribe to download the code!Compatible PHP versions: >=5.3.3
Subscribe to download the code!Compatible PHP versions: >=5.3.3
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Remember Me Functionality
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
Remember Me Functionality¶
I want to leave you with just one more tip. We talked a bit about the remember me functionality, but we didn’t actually see how to use it. Activate the feature by adding the remember_me entry to your firewall and giving it a secret, random key:
# app/config/security.yml
security:
# ...
firewalls:
secured_area:
# ...
remember_me:
key: "Order 1138"
Tip
You can also use a secret parameter from parameters.yml as a remember me key to centralize secret key management for the entire application.
Next, open the login template and add a field named _remember_me:
{# src/Yoda/UserBundle/Resources/views/Login/login.html.twig #}
{# ... #}
<form ...>
<hr/>
Remember me <input type="checkbox" name="_remember_me" />
<button type="submit" class="btn btn-primary pull-right">login</button>
</form>
This works a bit like login does: as long as we have a _remember_me checkbox and it’s checked, Symfony will take care of everything automatically.
Try it out! After logging in, we now have a REMEMBERME cookie. Let’s clear our session cookie to make sure it’s working. When I refresh, my session is gone but I’m still logged in. Nice! Click anywhere on the web debug toolbar to get into the profiler. Next, click on the “Logs” tab. If you look closely, you can even see some logs for the remember me login process:
DEBUG - Remember-me cookie detected.
INFO - Remember-me cookie accepted.
DEBUG - SecurityContext populated with remember-me token.
Ok gang, that’s all for now! I hope I’ll see you in future Knp screencasts. And remember to check out KnpBundles.com if you’re curious about all the open source bundles that you can bring into your app. Seeya next time!
9 Comments
weaverryan
SFCASTS
MolloKhan
6 years ago
Hi Diego!
Hmm, it's definitely not normal behavior, and I'm not sure if the IP address would affect that. I would think it wouldn't, but I also can't explain *why* it's not working for you. It may not help, but if you delete the session cookie, `tail -f app/logs/dev.log`, then refresh, you should see a log message about the remember me cookie. If the remember me cookie is working, you'd see a message like this: "SecurityContext populated with remember-me token.". Again, it might not help - but if you're curious, you can take a look. If you're *really* curious, you can open the core class that handles the remember me cookie (RememberMeListener) and add debug code there. But be warned - the security stuff can be pretty tough :).
Oh, and on your last question - a good one, with fortunately a simple answer. All you'd need to do to share cookies across subdomains is to make sure that the cookie domain is set to something like *.example.com. This can be controlled with the cookie_domain config option: http://symfony.com/doc/curr...
Cheers!
MolloKhan
SFCASTS
weaverryan
6 years ago
Hey Ryan, thanks for your answer!
Was my bad, I had "IS_AUTHENTICATED_FULLY" in my if statement, instead of "IS_AUTHENTICATED_REMEMBERED"
That's a nice and easy way to share cookies!
One more question:
If I have, lets say:
accounts.mydomain.com
stream.mydomain.com
www.mydomain.com
They all are part of the same website, they just serve different purposes.
Do I have to install symfony to every subdomain ? or there is a way to manage them all with only one installation ?
As always, thanks for your time and have a good day
weaverryan
SFCASTS
MolloKhan
6 years ago
Awesome! For the 3 sites, you have a few options. You could have one app, but then give each route a host requirement, for whatever host you want: http://symfony.com/doc/curr.... You'll actually want to setup some parameters, like is shown about half-way down the page, so that you can have different domains locally (e.g. stream.mydomain.local).
It's more advanced, but you could also setup 3 separate kernels, then have different front controllers for each domain (you'd configure each domain in Apache/Nginx to rewrite through a different file - like app_accounts.php) that boots the different kernels (e.g. AccountKernel, StreamKernel and AppKernel). I don't recommend this, unless you know what you're doing or are *really* concerned about performance (as splitting into 3 apps will be just a little bit faster).
Cheers!
YoyoSan
6 years ago
edited
Hello!
The`
remember_me.key`
is deprecated in 2.8.
remember_me.secret```
should be used instead.
Read more here http://symfony.com/doc/current/cookbook/security/remember_me.html.
Good tip - thanks!
Junaid Farooq
6 years ago
Hi there,
I have a question here. If i dont check the Remember Me checkbox, i will be logged in for the current session means that if i close the browser and then re-open it, i should be logged out as it opens another session to my site. I tried this here, but i was still logged in. Please correct me if i am wrong. I could also see that there is a remember me cookie with a deleted value but if i check the Remember Me checkbox, the rememeber me cookie is set. Also please tell me what is the use of the remember me key that we set in the security.yml config. Thanks in advamce.
Cheers!
MolloKhan
SFCASTS
Junaid Farooq
6 years ago
edited
Hey Junaid Farooq
You are right about the "remember me" functionality, if it's checked, you will be authenticated from the cookie, but, if it's unchecked you will have to provide your credentials every time. Why you could "re-start" your session after closing the browser?Well, that's because you didn't wait enough time to let the server kill your current session. I believe the default time is about 5 minutes (I may be wrong)
> what is the use of the remember me key that we set in the security.yml config
It is for configuring the "remember me" functionality, like setting the life time, specifying a secret value for protecting your cookies, and other things.
I hope it helps you even a bit :)
Cheers!
Junaid Farooq
MolloKhan
6 years ago
edited
Thanks MolloKhan
It does clarify a lot.
Cheers!
"Houston: no signs of life"
Start the conversation!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=5.3.3",
"symfony/symfony": "~2.4", // v2.4.2
"doctrine/orm": "~2.2,>=2.2.3", // v2.4.2
"doctrine/doctrine-bundle": "~1.2", // v1.2.0
"twig/extensions": "~1.0", // v1.0.1
"symfony/assetic-bundle": "~2.3", // v2.3.0
"symfony/swiftmailer-bundle": "~2.3", // v2.3.5
"symfony/monolog-bundle": "~2.4", // v2.5.0
"sensio/distribution-bundle": "~2.3", // v2.3.4
"sensio/framework-extra-bundle": "~3.0", // v3.0.0
"sensio/generator-bundle": "~2.3", // v2.3.4
"incenteev/composer-parameter-handler": "~2.0", // v2.1.0
"doctrine/doctrine-fixtures-bundle": "~2.2.0", // v2.2.0
"ircmaxell/password-compat": "~1.0.3", // 1.0.3
"phpunit/phpunit": "~4.1" // 4.1.0
}
}
Hi, I had a problem in this last step. After login with remember me on, I keep losing my session after deleting Cookie session as shown in the video.
I'm on a virtual machine with ubuntu server and I browse my pages by IP
I'm not sure if this is causing the problem.
Would be nice to hear something about of sharing cookies between subdomains.
Cheers!