This tutorial has a new version, check it out!

Remember Me Functionality

Remember Me Functionality

I want to leave you with just one more tip. We talked a bit about the remember me functionality, but we didn’t actually see how to use it. Activate the feature by adding the remember_me entry to your firewall and giving it a secret, random key:

# app/config/security.yml
    # ...
            # ...
                key: "Order 1138"


You can also use a secret parameter from parameters.yml as a remember me key to centralize secret key management for the entire application.

Next, open the login template and add a field named _remember_me:

{# src/Yoda/UserBundle/Resources/views/Login/login.html.twig #}
{# ... #}

<form ...>

    Remember me <input type="checkbox" name="_remember_me" />
    <button type="submit" class="btn btn-primary pull-right">login</button>

This works a bit like login does: as long as we have a _remember_me checkbox and it’s checked, Symfony will take care of everything automatically.

Try it out! After logging in, we now have a REMEMBERME cookie. Let’s clear our session cookie to make sure it’s working. When I refresh, my session is gone but I’m still logged in. Nice! Click anywhere on the web debug toolbar to get into the profiler. Next, click on the “Logs” tab. If you look closely, you can even see some logs for the remember me login process:

DEBUG - Remember-me cookie detected.
INFO - Remember-me cookie accepted.
DEBUG - SecurityContext populated with remember-me token.

Ok gang, that’s all for now! I hope I’ll see you in future Knp screencasts. And remember to check out if you’re curious about all the open source bundles that you can bring into your app. Seeya next time!

Leave a comment!

  • 2018-02-23 Junaid Farooq

    Thanks Diego Aguiar

    It does clarify a lot.


  • 2018-02-22 Diego Aguiar

    Hey Junaid Farooq

    You are right about the "remember me" functionality, if it's checked, you will be authenticated from the cookie, but, if it's unchecked you will have to provide your credentials every time. Why you could "re-start" your session after closing the browser?Well, that's because you didn't wait enough time to let the server kill your current session. I believe the default time is about 5 minutes (I may be wrong)

    > what is the use of the remember me key that we set in the security.yml config
    It is for configuring the "remember me" functionality, like setting the life time, specifying a secret value for protecting your cookies, and other things.

    I hope it helps you even a bit :)


  • 2018-02-22 Junaid Farooq

    Hi there,

    I have a question here. If i dont check the Remember Me checkbox, i will be logged in for the current session means that if i close the browser and then re-open it, i should be logged out as it opens another session to my site. I tried this here, but i was still logged in. Please correct me if i am wrong. I could also see that there is a remember me cookie with a deleted value but if i check the Remember Me checkbox, the rememeber me cookie is set. Also please tell me what is the use of the remember me key that we set in the security.yml config. Thanks in advamce.


  • 2015-12-22 weaverryan

    Good tip - thanks!

  • 2015-12-22 YoyoSan



    is deprecated in 2.8.


    should be used instead.

    Read more here

  • 2015-01-16 weaverryan

    Awesome! For the 3 sites, you have a few options. You could have one app, but then give each route a host requirement, for whatever host you want: You'll actually want to setup some parameters, like is shown about half-way down the page, so that you can have different domains locally (e.g. stream.mydomain.local).

    It's more advanced, but you could also setup 3 separate kernels, then have different front controllers for each domain (you'd configure each domain in Apache/Nginx to rewrite through a different file - like app_accounts.php) that boots the different kernels (e.g. AccountKernel, StreamKernel and AppKernel). I don't recommend this, unless you know what you're doing or are *really* concerned about performance (as splitting into 3 apps will be just a little bit faster).


  • 2015-01-16 Diego Aguiar

    Hey Ryan, thanks for your answer!

    Was my bad, I had "IS_AUTHENTICATED_FULLY" in my if statement, instead of "IS_AUTHENTICATED_REMEMBERED"

    That's a nice and easy way to share cookies!

    One more question:
    If I have, lets say:

    They all are part of the same website, they just serve different purposes.

    Do I have to install symfony to every subdomain ? or there is a way to manage them all with only one installation ?

    As always, thanks for your time and have a good day

  • 2015-01-16 weaverryan

    Hi Diego!

    Hmm, it's definitely not normal behavior, and I'm not sure if the IP address would affect that. I would think it wouldn't, but I also can't explain *why* it's not working for you. It may not help, but if you delete the session cookie, `tail -f app/logs/dev.log`, then refresh, you should see a log message about the remember me cookie. If the remember me cookie is working, you'd see a message like this: "SecurityContext populated with remember-me token.". Again, it might not help - but if you're curious, you can take a look. If you're *really* curious, you can open the core class that handles the remember me cookie (RememberMeListener) and add debug code there. But be warned - the security stuff can be pretty tough :).

    Oh, and on your last question - a good one, with fortunately a simple answer. All you'd need to do to share cookies across subdomains is to make sure that the cookie domain is set to something like * This can be controlled with the cookie_domain config option:


  • 2015-01-14 Diego Aguiar

    Hi, I had a problem in this last step. After login with remember me on, I keep losing my session after deleting Cookie session as shown in the video.

    I'm on a virtual machine with ubuntu server and I browse my pages by IP
    I'm not sure if this is causing the problem.

    Would be nice to hear something about of sharing cookies between subdomains.