Remember Me functionality not working in Symfony2

I had this problem, and the issue was that I did not use single quotation marks in the key property of the remember_me section (security.yml).

Change this:

remember_me:
    key:      qwerty
    lifetime: 604800
    path:     /
    domain:   ~

to this:

remember_me:
    key:      'qwerty'
    lifetime: 604800
    path:     /
    domain:   ~


You can check it in the Symfony documentation:
http://symfony.com/doc/2.7/cookbook/security/remember_me.html


Although this question has already been answered, I would like to contribute a possible solution, if only for posterity and Google search referrals for this problem :)

"The issue is simple: a remembered user does not have the IS_AUTHENTICATED_FULLY role but only IS_AUTHENTICATED_REMEMBERED to make a difference between a remembered user and a user who logged in"

Source: http://www.mail-archive.com/[email protected]/msg34021.html

What this means is that in your security configuration, you must make sure that for every ACL entry the IS_AUTHENTICATED_REMEMBERED role is configured in addition to the IS_AUTHENTICATED_FULLY role.

For example:

# app/config/security.yml
security:
    # ...
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: [IS_AUTHENTICATED_FULLY,IS_AUTHENTICATED_REMEMBERED] }

John.

I have the same issue as you do (or did). What I've found is that when I am (Symfony2 actually =) ) setting the REMEMBERME cookie on line 101 of the /vendor/symfony/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeService.php file, $user->getPassword() returns NULL, so the cookie gets its hash calculated with a NULL password value.

What happens next is that when you return to your site, fully confident that you will be automatically authenticated, Symfony begins to check your cookie in the same file as above, but on line 58 it finds that the cookie hash is not the same as it expects and throws an exception ('The cookie\'s hash is invalid.'), internally catches it and proceeds somewhere.

So that is why, in my case, the cookie doesn't work.

I haven't found a solution yet, but I will dig for it and maybe I'm lucky.

Hope your issue is the same and the solution will help us both.

The Solution:

When implementing eraseCredentials(), which claims to be used to erase user sensitive data from UserInterface, do not perform $this->password = null. I made this mistake because I did not understand its purpose. You can take a glance at Symfony 2 Logout (UserInterface::eraseCredentials) for a little bit of explanation. So it serializes the token object and we are in trouble.
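
The failure described in the answer above, as an added example that is not part of the original posts and is not Symfony's own code: a simplified stand-alone model in which the cookie hash covers the stored password, so nulling it in eraseCredentials() before the cookie is issued makes the later comparison fail. cookieHash, BrokenUser, FixedUser, cookieSurvivesReturnVisit and all sample values are hypothetical.

```php
<?php
// Simplified model of a token-based remember-me hash (an assumption, not Symfony's source):
// the hash binds the user's class, username, expiry and stored password hash to the app key.
function cookieHash(string $class, string $username, int $expires, ?string $password, string $key): string
{
    return hash_hmac('sha256', $class.$username.$expires.$password, $key);
}

// Hypothetical user classes; only the eraseCredentials() bodies differ.
class BrokenUser
{
    public $username = 'alice';
    public $password = '$2y$13$constructedStoredHash'; // constructed sample value
    public $plainPassword = 'form input';

    public function eraseCredentials(): void
    {
        $this->plainPassword = null;
        $this->password = null; // the mistake described above
    }
}

class FixedUser extends BrokenUser
{
    public function eraseCredentials(): void
    {
        $this->plainPassword = null; // clear only the transient plain-text value
    }
}

// Returns true when the hash issued at login still matches on the return visit.
function cookieSurvivesReturnVisit(BrokenUser $loggedIn, string $key): bool
{
    $expires = 1700000000 + 604800;  // constructed timestamp plus the lifetime from the config
    $stored  = $loggedIn->password;  // what the user provider reloads on the return visit

    $loggedIn->eraseCredentials();   // runs after authentication, before the cookie is issued
    $issued = cookieHash(get_class($loggedIn), $loggedIn->username, $expires, $loggedIn->password, $key);

    // On the return visit the expected hash is rebuilt from the reloaded user.
    $expected = cookieHash(get_class($loggedIn), $loggedIn->username, $expires, $stored, $key);

    return hash_equals($expected, $issued);
}

$key = 'constructed-app-key'; // constructed sample value
var_dump(cookieSurvivesReturnVisit(new BrokenUser(), $key));
var_dump(cookieSurvivesReturnVisit(new FixedUser(), $key));
```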