Symfony infinite loop leading to ERR_TOO_MANY

I would like to implement a Remember me feature. Since I didn't get any custom authenticator, I added one. After adding it, I faced some issues about redirections. On the navigator, the page is looping between "login" page and my destination page.

This loop ends in a

ERR_TOO_MANY_REDIRECTS error.

This error only occurs on page that requires user being logged.

Symfony version: 5.4.

security.yaml

security:
    password_hashers:
        App\Entity\User: 'auto'

       Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
            algorithm: 'auto'
            cost:      15

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email

    enable_authenticator_manager: true

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            provider: app_user_provider
            custom_authenticators:
                - App\Security\CustomAuthenticator
            form_login:
                login_path: app_login
                check_path: app_login
                use_referer: true
            logout:
                path: app_logout
                target: index
            user_checker: App\Security\UserChecker

            remember_me:
                secret: '%kernel.secret%' # required
                lifetime: 604800 # 1 week in seconds
                signature_properties: ['password']
                
        secured_area:
            form_login:
                enable_csrf: true

    access_control:
        - { path: '^/admin',           roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/tableau-de-bord', roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/profil',          roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/dashboard',       roles: IS_AUTHENTICATED_FULLY }
        - { path: '^/profile',         roles: IS_AUTHENTICATED_FULLY }

CodePudding user response：

In the access_control section, try replacing IS_AUTHENTICATED_FULLY by IS_AUTHENTICATED_REMEMBERED:

security.yaml

security:
    ...
    access_control:
        - { path: '^/admin',           roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/tableau-de-bord', roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/profil',          roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/dashboard',       roles: IS_AUTHENTICATED_REMEMBERED }
        - { path: '^/profile',         roles: IS_AUTHENTICATED_REMEMBERED }

From the doc:

IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.