Flag of Ukraine
SymfonyCasts stands united with the people of Ukraine
This tutorial has a new version, check it out!

Remember Me Functionality

Keep on Learning!

If you liked what you've learned so far, dive in!
Subscribe to get access to this tutorial plus
video, code and script downloads.

Start your All-Access Pass
Buy just this tutorial for $12.00

Remember Me Functionality

I want to leave you with just one more tip. We talked a bit about the remember me functionality, but we didn’t actually see how to use it. Activate the feature by adding the remember_me entry to your firewall and giving it a secret, random key:

# app/config/security.yml
    # ...
            # ...
                key: "Order 1138"


You can also use a secret parameter from parameters.yml as a remember me key to centralize secret key management for the entire application.

Next, open the login template and add a field named _remember_me:

{# src/Yoda/UserBundle/Resources/views/Login/login.html.twig #}
{# ... #}

<form ...>

    Remember me <input type="checkbox" name="_remember_me" />
    <button type="submit" class="btn btn-primary pull-right">login</button>

This works a bit like login does: as long as we have a _remember_me checkbox and it’s checked, Symfony will take care of everything automatically.

Try it out! After logging in, we now have a REMEMBERME cookie. Let’s clear our session cookie to make sure it’s working. When I refresh, my session is gone but I’m still logged in. Nice! Click anywhere on the web debug toolbar to get into the profiler. Next, click on the “Logs” tab. If you look closely, you can even see some logs for the remember me login process:

DEBUG - Remember-me cookie detected.
INFO - Remember-me cookie accepted.
DEBUG - SecurityContext populated with remember-me token.

Ok gang, that’s all for now! I hope I’ll see you in future Knp screencasts. And remember to check out KnpBundles.com if you’re curious about all the open source bundles that you can bring into your app. Seeya next time!

Leave a comment!

Login or Register to join the conversation

Hi, I had a problem in this last step. After login with remember me on, I keep losing my session after deleting Cookie session as shown in the video.

I'm on a virtual machine with ubuntu server and I browse my pages by IP
I'm not sure if this is causing the problem.

Would be nice to hear something about of sharing cookies between subdomains.


Hi Diego!

Hmm, it's definitely not normal behavior, and I'm not sure if the IP address would affect that. I would think it wouldn't, but I also can't explain *why* it's not working for you. It may not help, but if you delete the session cookie, `tail -f app/logs/dev.log`, then refresh, you should see a log message about the remember me cookie. If the remember me cookie is working, you'd see a message like this: "SecurityContext populated with remember-me token.". Again, it might not help - but if you're curious, you can take a look. If you're *really* curious, you can open the core class that handles the remember me cookie (RememberMeListener) and add debug code there. But be warned - the security stuff can be pretty tough :).

Oh, and on your last question - a good one, with fortunately a simple answer. All you'd need to do to share cookies across subdomains is to make sure that the cookie domain is set to something like *.example.com. This can be controlled with the cookie_domain config option: http://symfony.com/doc/curr...


1 Reply

Hey Ryan, thanks for your answer!

Was my bad, I had "IS_AUTHENTICATED_FULLY" in my if statement, instead of "IS_AUTHENTICATED_REMEMBERED"

That's a nice and easy way to share cookies!

One more question:
If I have, lets say:

They all are part of the same website, they just serve different purposes.

Do I have to install symfony to every subdomain ? or there is a way to manage them all with only one installation ?

As always, thanks for your time and have a good day


Awesome! For the 3 sites, you have a few options. You could have one app, but then give each route a host requirement, for whatever host you want: http://symfony.com/doc/curr.... You'll actually want to setup some parameters, like is shown about half-way down the page, so that you can have different domains locally (e.g. stream.mydomain.local).

It's more advanced, but you could also setup 3 separate kernels, then have different front controllers for each domain (you'd configure each domain in Apache/Nginx to rewrite through a different file - like app_accounts.php) that boots the different kernels (e.g. AccountKernel, StreamKernel and AppKernel). I don't recommend this, unless you know what you're doing or are *really* concerned about performance (as splitting into 3 apps will be just a little bit faster).


Default user avatar
Default user avatar YoyoSan | posted 5 years ago | edited


is deprecated in 2.8.

 should be used instead.

Read more here http://symfony.com/doc/current/cookbook/security/remember_me.html.

Good tip - thanks!

Default user avatar
Default user avatar Junaid Farooq | posted 5 years ago

Hi there,

I have a question here. If i dont check the Remember Me checkbox, i will be logged in for the current session means that if i close the browser and then re-open it, i should be logged out as it opens another session to my site. I tried this here, but i was still logged in. Please correct me if i am wrong. I could also see that there is a remember me cookie with a deleted value but if i check the Remember Me checkbox, the rememeber me cookie is set. Also please tell me what is the use of the remember me key that we set in the security.yml config. Thanks in advamce.



Hey Junaid Farooq

You are right about the "remember me" functionality, if it's checked, you will be authenticated from the cookie, but, if it's unchecked you will have to provide your credentials every time. Why you could "re-start" your session after closing the browser?Well, that's because you didn't wait enough time to let the server kill your current session. I believe the default time is about 5 minutes (I may be wrong)

> what is the use of the remember me key that we set in the security.yml config
It is for configuring the "remember me" functionality, like setting the life time, specifying a secret value for protecting your cookies, and other things.

I hope it helps you even a bit :)


1 Reply
Default user avatar
Default user avatar Junaid Farooq | MolloKhan | posted 5 years ago | edited

Thanks MolloKhan

It does clarify a lot.


4 Reply
Cat in space

"Houston: no signs of life"
Start the conversation!

What PHP libraries does this tutorial use?

// composer.json
    "require": {
        "php": ">=5.3.3",
        "symfony/symfony": "~2.4", // v2.4.2
        "doctrine/orm": "~2.2,>=2.2.3", // v2.4.2
        "doctrine/doctrine-bundle": "~1.2", // v1.2.0
        "twig/extensions": "~1.0", // v1.0.1
        "symfony/assetic-bundle": "~2.3", // v2.3.0
        "symfony/swiftmailer-bundle": "~2.3", // v2.3.5
        "symfony/monolog-bundle": "~2.4", // v2.5.0
        "sensio/distribution-bundle": "~2.3", // v2.3.4
        "sensio/framework-extra-bundle": "~3.0", // v3.0.0
        "sensio/generator-bundle": "~2.3", // v2.3.4
        "incenteev/composer-parameter-handler": "~2.0", // v2.1.0
        "doctrine/doctrine-fixtures-bundle": "~2.2.0", // v2.2.0
        "ircmaxell/password-compat": "~1.0.3", // 1.0.3
        "phpunit/phpunit": "~4.1" // 4.1.0