I would like to implement a Remember me feature. Since I didn't have any custom authenticator, I added one. After adding it, I faced some issues with redirections. On the navigator, the page is looping between the "login" page and my destination page.
This loop ends in an ERR_TOO_MANY_REDIRECTS error.
This error only occurs on pages that require the user to be logged in.
Symfony version: 5.4.
security.yaml
    security:
        password_hashers:
            App\Entity\User: 'auto'
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: 'auto'
                cost: 15
        providers:
            app_user_provider:
                entity:
                    class: App\Entity\User
                    property: email
        enable_authenticator_manager: true
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                provider: app_user_provider
                custom_authenticators:
                    - App\Security\CustomAuthenticator
                form_login:
                    login_path: app_login
                    check_path: app_login
                    use_referer: true
                logout:
                    path: app_logout
                    target: index
                user_checker: App\Security\UserChecker
                remember_me:
                    secret: '%kernel.secret%' # required
                    lifetime: 604800 # 1 week in seconds
                    signature_properties: ['password']
            secured_area:
                form_login:
                    enable_csrf: true
        access_control:
            - { path: '^/admin', roles: IS_AUTHENTICATED_FULLY }
            - { path: '^/tableau-de-bord', roles: IS_AUTHENTICATED_FULLY }
            - { path: '^/profil', roles: IS_AUTHENTICATED_FULLY }
            - { path: '^/dashboard', roles: IS_AUTHENTICATED_FULLY }
            - { path: '^/profile', roles: IS_AUTHENTICATED_FULLY }
CodePudding user response:
In the access_control section, try replacing IS_AUTHENTICATED_FULLY by IS_AUTHENTICATED_REMEMBERED:
security.yaml
    security:
        ...
        access_control:
            - { path: '^/admin', roles: IS_AUTHENTICATED_REMEMBERED }
            - { path: '^/tableau-de-bord', roles: IS_AUTHENTICATED_REMEMBERED }
            - { path: '^/profil', roles: IS_AUTHENTICATED_REMEMBERED }
            - { path: '^/dashboard', roles: IS_AUTHENTICATED_REMEMBERED }
            - { path: '^/profile', roles: IS_AUTHENTICATED_REMEMBERED }
From the doc:
IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.
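An added example, not part of the question or the answer above: a controller that lets remember-me sessions reach ordinary pages while keeping IS_AUTHENTICATED_FULLY on one sensitive action, and a login action that does not bounce remembered users back, which is one way such a loop can arise. It assumes PHP 8 attributes and that the login action redirects already-logged-in users; the class name, the `/profile/password` route and the template paths are hypothetical.

```php
<?php
// Added example: class, routes other than app_login, and templates are hypothetical.
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class AccountController extends AbstractController
{
    #[Route('/login', name: 'app_login')]
    public function login(AuthenticationUtils $authUtils): Response
    {
        // Redirect away only when the password was entered in this session.
        // A remembered-only user sent here by an IS_AUTHENTICATED_FULLY
        // check must see the form; redirecting them back causes the loop.
        if ($this->isGranted('IS_AUTHENTICATED_FULLY')) {
            return $this->redirectToRoute('app_profile');
        }

        return $this->render('security/login.html.twig', [
            'last_username' => $authUtils->getLastUsername(),
            'error' => $authUtils->getLastAuthenticationError(),
        ]);
    }

    #[Route('/profile', name: 'app_profile')]
    public function profile(): Response
    {
        // A valid remember-me cookie is sufficient for this page.
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');

        return $this->render('account/profile.html.twig');
    }

    #[Route('/profile/password', name: 'app_profile_password')]
    public function changePassword(): Response
    {
        // Sensitive action: a remember-me cookie alone is rejected and the
        // firewall entry point sends the user to the login form.
        $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');

        return $this->render('account/password.html.twig');
    }
}
```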