Buy

Remember Me Functionality

I want to leave you with just one more tip. We talked a bit about the remember me functionality, but we didn’t actually see how to use it. Activate the feature by adding the remember_me entry to your firewall and giving it a secret, random key:

# app/config/security.yml
security:
    # ...
    firewalls:
        secured_area:
            # ...
            remember_me:
                key: "Order 1138"

Tip

You can also use a secret parameter from parameters.yml as a remember me key to centralize secret key management for the entire application.

Next, open the login template and add a field named _remember_me:

{# src/Yoda/UserBundle/Resources/views/Login/login.html.twig #}
{# ... #}

<form ...>

    <hr/>
    Remember me <input type="checkbox" name="_remember_me" />
    <button type="submit" class="btn btn-primary pull-right">login</button>
</form>

This works a bit like login does: as long as we have a _remember_me checkbox and it’s checked, Symfony will take care of everything automatically.

Try it out! After logging in, we now have a REMEMBERME cookie. Let’s clear our session cookie to make sure it’s working. When I refresh, my session is gone but I’m still logged in. Nice! Click anywhere on the web debug toolbar to get into the profiler. Next, click on the “Logs” tab. If you look closely, you can even see some logs for the remember me login process:

DEBUG - Remember-me cookie detected.
INFO - Remember-me cookie accepted.
DEBUG - SecurityContext populated with remember-me token.

Ok gang, that’s all for now! I hope I’ll see you in future Knp screencasts. And remember to check out KnpBundles.com if you’re curious about all the open source bundles that you can bring into your app. Seeya next time!

Leave a comment!

  • 2015-12-22 weaverryan

    Good tip - thanks!

  • 2015-12-22 YoyoSan

    Hello!

    The

    remember_me.key
    is deprecated in 2.8.

    remember_me.secret

    should be used instead.

    Read more here http://symfony.com/doc/current....

  • 2015-01-16 weaverryan

    Awesome! For the 3 sites, you have a few options. You could have one app, but then give each route a host requirement, for whatever host you want: http://symfony.com/doc/current.... You'll actually want to setup some parameters, like is shown about half-way down the page, so that you can have different domains locally (e.g. stream.mydomain.local).

    It's more advanced, but you could also setup 3 separate kernels, then have different front controllers for each domain (you'd configure each domain in Apache/Nginx to rewrite through a different file - like app_accounts.php) that boots the different kernels (e.g. AccountKernel, StreamKernel and AppKernel). I don't recommend this, unless you know what you're doing or are *really* concerned about performance (as splitting into 3 apps will be just a little bit faster).

    Cheers!

  • 2015-01-16 Diego Aguiar

    Hey Ryan, thanks for your answer!

    Was my bad, I had "IS_AUTHENTICATED_FULLY" in my if statement, instead of "IS_AUTHENTICATED_REMEMBERED"

    That's a nice and easy way to share cookies!

    One more question:
    If I have, lets say:
    accounts.mydomain.com
    stream.mydomain.com
    www.mydomain.com

    They all are part of the same website, they just serve different purposes.

    Do I have to install symfony to every subdomain ? or there is a way to manage them all with only one installation ?

    As always, thanks for your time and have a good day

  • 2015-01-16 weaverryan

    Hi Diego!

    Hmm, it's definitely not normal behavior, and I'm not sure if the IP address would affect that. I would think it wouldn't, but I also can't explain *why* it's not working for you. It may not help, but if you delete the session cookie, `tail -f app/logs/dev.log`, then refresh, you should see a log message about the remember me cookie. If the remember me cookie is working, you'd see a message like this: "SecurityContext populated with remember-me token.". Again, it might not help - but if you're curious, you can take a look. If you're *really* curious, you can open the core class that handles the remember me cookie (RememberMeListener) and add debug code there. But be warned - the security stuff can be pretty tough :).

    Oh, and on your last question - a good one, with fortunately a simple answer. All you'd need to do to share cookies across subdomains is to make sure that the cookie domain is set to something like *.example.com. This can be controlled with the cookie_domain config option: http://symfony.com/doc/current...

    Cheers!

  • 2015-01-14 Diego Aguiar

    Hi, I had a problem in this last step. After login with remember me on, I keep losing my session after deleting Cookie session as shown in the video.

    I'm on a virtual machine with ubuntu server and I browse my pages by IP
    I'm not sure if this is causing the problem.

    Would be nice to hear something about of sharing cookies between subdomains.
    Cheers!