skip to Main Content

I try to set Symfony (version 5.4.14 / PHP 7.4 / Wamp) Remember me functionnality. I configured well strictly as indicated in the doc (badge in authenticator etc.).

The cookie is created but when I close my browser (Chrome or Firefox, both tested) the cookie is deleted. I tried to set a value (3600) for session.cookie_lifetime in php.ini (and of course restart Wamp) but the problem persists. Any idea?

security.yaml:

remember_me:
    secret: '%kernel.secret%' # required
    lifetime: 604800 # 1 week in seconds
    # by default, the feature is enabled by checking a
    # checkbox in the login form (see below), uncomment the
    # following line to always enable it.
    always_remember_me: true

Authenticator class:

<?php

namespace AppSecurity;

use SymfonyComponentHttpFoundationRedirectResponse;
use SymfonyComponentHttpFoundationRequest;
use SymfonyComponentHttpFoundationResponse;
use SymfonyComponentRoutingGeneratorUrlGeneratorInterface;
use SymfonyComponentSecurityCoreAuthenticationTokenTokenInterface;
 use SymfonyComponentSecurityCoreSecurity;
 use SymfonyComponentSecurityHttpAuthenticatorAbstractLoginFormAuthenticator;
use SymfonyComponentSecurityHttpAuthenticatorPassportBadgeCsrfTokenBadge;
use SymfonyComponentSecurityHttpAuthenticatorPassportBadgeRememberMeBadge;
use SymfonyComponentSecurityHttpAuthenticatorPassportBadgeUserBadge;
use SymfonyComponentSecurityHttpAuthenticatorPassportCredentialsPasswordCredentials;
use SymfonyComponentSecurityHttpAuthenticatorPassportPassport;
use SymfonyComponentSecurityHttpUtilTargetPathTrait;

class AppParticipantAuthenticator extends      AbstractLoginFormAuthenticator
{
  use TargetPathTrait;

  public const LOGIN_ROUTE = 'app_login';

  private UrlGeneratorInterface $urlGenerator;

  public function __construct(UrlGeneratorInterface $urlGenerator)
  {
     $this->urlGenerator = $urlGenerator;
  }

  public function authenticate(Request $request): Passport
  {
      $email = $request->request->get('email', '');

      $request->getSession()->set(Security::LAST_USERNAME, $email);

      return new Passport(
        new UserBadge($email),
        new PasswordCredentials($request->request->get('password',    '')),
        [
            new RememberMeBadge(),
            new CsrfTokenBadge('authenticate', $request->request->get('_csrf_token')),
        ]
    );
}

public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
{
    if ($targetPath = $this->getTargetPath($request->getSession(), $firewallName)) {
        return new RedirectResponse($targetPath);
    }

    // For example:
    return new RedirectResponse($this->urlGenerator->generate('app_sortie_index'));
    // throw new Exception('TODO: provide a valid redirect inside '.__FILE__);
}

protected function getLoginUrl(Request $request): string
{
    return $this->urlGenerator->generate(self::LOGIN_ROUTE);
}

 public function supports(Request $request) : bool
 {
    return self::LOGIN_ROUTE === $request->attributes->get('_route') && $request->isMethod('POST');
 }
}

2

Answers


  1. I think you need to write CsrfTokenBadge before RememberMeBadge in your code, like this:

        new PasswordCredentials($request->request->get('password',    '')),
        [
            new CsrfTokenBadge('authenticate', $request->request->get('_csrf_token')),
            new RememberMeBadge(),
        ]
    
    Login or Signup to reply.
  2. Set the session lifetime in framework.yaml, this is an example:

     framework:
    
        # Enables session support. Note that the session will ONLY be started if you read or write from it.
        session:
            enabled: true
            handler_id: session.handler.native_file
            save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
            cookie_lifetime: 2592000
            gc_maxlifetime: 2592000
            cookie_secure: auto
            cookie_samesite: lax
    

    https://symfony.com/doc/current/components/http_foundation/session_configuration.html

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search