Added some more docs about the remember me feature #5401

Merged
merged 1 commit into from
Jun 28, 2015
42 changes: 33 additions & 9 deletions cookbook/security/remember_me.rst
Expand Up @@ -16,17 +16,27 @@ the session lasts using a cookie with the ``remember_me`` firewall option:

# app/config/security.yml
firewalls:
main:
default:
# ...
remember_me:
key: "%secret%"
lifetime: 604800 # 1 week in seconds
path: /
# by default, the feature is enabled by checking a
# checkbox in the login form (see below), uncomment the
# below lines to always enable it.
#always_remember_me: true

.. code-block:: xml

<!-- app/config/security.xml -->
<config>
<firewall>
<firewall name="default">
<!-- ... -->

<!-- by default, the feature is enabled by checking a checkbox
in the login form (see below), add always-remember-me="true"
to always enable it. -->
<remember-me
key = "%secret%"
lifetime = "604800" <!-- 1 week in seconds -->
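Review bot: In the XML example, ``lifetime = "604800" <!-- 1 week in seconds -->`` puts a comment inside the ``<remember-me`` start tag, which is not well-formed XML, so anyone copying the block gets a parse error. This hunk already adds a comment above the element for ``always-remember-me``; move the "1 week in seconds" remark into that comment, or onto its own line above the element, so the sample parses.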
Expand All @@ -40,11 +50,16 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
// app/config/security.php
$container->loadFromExtension('security', array(
'firewalls' => array(
'main' => array(
'default' => array(
// ...
'remember_me' => array(
'key' => '%secret%',
'lifetime' => 604800, // 1 week in seconds
'path' => '/',
// by default, the feature is enabled by checking a
// checkbox in the login form (see below), uncomment
// the below lines to always enable it.
//'always_remember_me' => true,
),
),
),
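Review bot: The added comment says "uncomment the below lines", but only one line follows it, ``//'always_remember_me' => true,``; "uncomment the following line" would be accurate. The YAML example carries the same wording above ``#always_remember_me: true`` and should be changed with it so the three formats stay consistent.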
Expand Down Expand Up @@ -94,21 +109,30 @@ The ``remember_me`` firewall defines the following configuration options:
"Remember Me" feature is always enabled, regardless of the desire of the
end user.

``token_provider`` (default value: ``null``)
Defines the service id of a token provider to use. By default, tokens are
stored in a cookie. For example, you might want to store the token in a
database, to not have a (hashed) version of the password in a cookie. The
DoctrineBridge comes with a
``Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider`` that
you can use.

Forcing the User to Opt-Out of the Remember Me Feature
------------------------------------------------------

It's a good idea to provide the user with the option to use or not use the
remember me functionality, as it will not always be appropriate. The usual
way of doing this is to add a checkbox to the login form. By giving the checkbox
the name ``_remember_me``, the cookie will automatically be set when the checkbox
is checked and the user successfully logs in. So, your specific login form
might ultimately look like this:
the name ``_remember_me`` (or the name you configured using ``remember_me_parameter``),
the cookie will automatically be set when the checkbox is checked and the user
successfully logs in. So, your specific login form might ultimately look like
this:

.. configuration-block::

.. code-block:: html+jinja

{# src/Acme/SecurityBundle/Resources/views/Security/login.html.twig #}
{# app/Resources/views/security/login.html.twig #}
{% if error %}
<div>{{ error.message }}</div>
{% endif %}
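Review bot: The new ``token_provider`` entry says the option takes a service id, but the only pointer it gives is the class name ``Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider``, so a reader cannot tell from this text what value to put in the configuration. Add a sentence explaining how that class becomes a service whose id is set here, or show a short configuration sample. The phrase "to not have a (hashed) version of the password in a cookie" would also read more clearly as "so that the cookie does not contain a (hashed) version of the password".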
Expand All @@ -128,7 +152,7 @@ might ultimately look like this:

.. code-block:: html+php

<!-- src/Acme/SecurityBundle/Resources/views/Security/login.html.php -->
<!-- app/Resources/views/security/login.html.php -->
<?php if ($error): ?>
<div><?php echo $error->getMessage() ?></div>
<?php endif ?>
Expand All @@ -150,7 +174,7 @@ might ultimately look like this:
The user will then automatically be logged in on subsequent visits while
the cookie remains valid.

Forcing the User to Re-authenticate before Accessing certain Resources
Forcing the User to Re-Authenticate before Accessing certain Resources
----------------------------------------------------------------------

When the user returns to your site, they are authenticated automatically based
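Review bot: The retitled heading capitalizes "Re-Authenticate" but still leaves "certain" in lowercase, while the other content words in it ("Forcing", "User", "Accessing", "Resources") are capitalized. Change it to "Certain" in the same edit; the underline length does not need to change.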