Home > Blockchain >  Symfony 5.4 remember_me always deleted when browser is closed
Symfony 5.4 remember_me always deleted when browser is closed

Time:10-27

I try to set Symfony (version 5.4.14 / PHP 7.4 / Wamp) Remember me functionnality. I configured well strictly as indicated in the doc (badge in authenticator etc.).

The cookie is created but when I close my browser (Chrome or Firefox, both tested) the cookie is deleted. I tried to set a value (3600) for session.cookie_lifetime in php.ini (and of course restart Wamp) but the problem persists. Any idea?

security.yaml:

remember_me:
    secret: '%kernel.secret%' # required
    lifetime: 604800 # 1 week in seconds
    # by default, the feature is enabled by checking a
    # checkbox in the login form (see below), uncomment the
    # following line to always enable it.
    always_remember_me: true

Authenticator class:

<?php

namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\CsrfTokenBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Util\TargetPathTrait;

class AppParticipantAuthenticator extends      AbstractLoginFormAuthenticator
{
  use TargetPathTrait;

  public const LOGIN_ROUTE = 'app_login';

  private UrlGeneratorInterface $urlGenerator;

  public function __construct(UrlGeneratorInterface $urlGenerator)
  {
     $this->urlGenerator = $urlGenerator;
  }

  public function authenticate(Request $request): Passport
  {
      $email = $request->request->get('email', '');

      $request->getSession()->set(Security::LAST_USERNAME, $email);

      return new Passport(
        new UserBadge($email),
        new PasswordCredentials($request->request->get('password',    '')),
        [
            new RememberMeBadge(),
            new CsrfTokenBadge('authenticate', $request->request->get('_csrf_token')),
        ]
    );
}

public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
{
    if ($targetPath = $this->getTargetPath($request->getSession(), $firewallName)) {
        return new RedirectResponse($targetPath);
    }

    // For example:
    return new RedirectResponse($this->urlGenerator->generate('app_sortie_index'));
    // throw new \Exception('TODO: provide a valid redirect inside '.__FILE__);
}

protected function getLoginUrl(Request $request): string
{
    return $this->urlGenerator->generate(self::LOGIN_ROUTE);
}

 public function supports(Request $request) : bool
 {
    return self::LOGIN_ROUTE === $request->attributes->get('_route') && $request->isMethod('POST');
 }
}

CodePudding user response:

I think you need to write CsrfTokenBadge before RememberMeBadge in your code, like this:

    new PasswordCredentials($request->request->get('password',    '')),
    [
        new CsrfTokenBadge('authenticate', $request->request->get('_csrf_token')),
        new RememberMeBadge(),
    ]

CodePudding user response:

Set the session lifetime in framework.yaml, this is an example:

 framework:

    # Enables session support. Note that the session will ONLY be started if you read or write from it.
    session:
        enabled: true
        handler_id: session.handler.native_file
        save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
        cookie_lifetime: 2592000
        gc_maxlifetime: 2592000
        cookie_secure: auto
        cookie_samesite: lax

https://symfony.com/doc/current/components/http_foundation/session_configuration.html

  • Related