How to configure a remember me aware listener in Symfony 2?

Question

I have implemented a custom authentication provider successfully, but now I also need to add \'remember me\' functionality, and I couldn\'t find docs on how to do that.

Answer 1

I was having the same issue with a custom Facebook authentication provider I wrote. The solution ended up being pretty simple:

I'll assume you implemented a custom authentication provider with a custom SecurityFactoryInterface implementation that extends from Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory. If you did this, the rest is a matter of configuration:

1. In your security configuration, configure the remember_me functionality for your firewall. Assuming you're configuring that into the public firewall, the added config params might look something like this:

   firewalls:
       public:
           remember_me:
               key:      "%secret%"
               lifetime: 31536000 # 365 days in seconds
               path:     /
               domain:   ~ # Defaults to the current domain from $_SERVER
   

2. In the same configuration, enable the remember_me functionality for your authentication provider. Assuming you're configuring that into the public firewall and your SecurityFactoryInterface implementation's getKey() method returns yourAuthProviderKey, the added config params might look something like this:

   firewalls:
       public:
           yourAuthProviderKey:
               remember_me:        true
   

3. Finally, when your Authentication Provider handles logins, make sure you request the remember me feature by having an http GET or POST parameter named _remember_me with value 1 in the http request. (Note though: this parameter might need a different name if you changed its default value in your security config.) For example, in my case, I had to tell Facebook to redirect to the following URL after it handled the authentication: http://www.mydomain.com/auth-callback/?_remember_me=1. (Note the part after the ?)

Hope this helps!

Answer 2

From Symfony 2.8, the "key" is replaced by "secret". So you will have:

remember_me:
   secret: %secret%
   lifetime: 31536000

If you run across this error, that is the fix

Answer 3

Did you add this to your form_login section?

form_login:
    remember_me: true

Answer 4

In my case it happened when i create a Factory class implementing SecurityFactoryInterface (as it was described in example "How to Create a custom Authentication Provider"). Later i found that another way to create this Factory is extending from AbstractFactory which contains neccessary readme stuff (you can find it create() method). So there are two solutions: 1) extend AbstractFactory instead of implementing SecurityFactoryInterface 2) implement SecurityFactoryInterface and copypaste readme related code. In symfony 3.1:

       // add remember-me aware tag if requested
    if ($this->isRememberMeAware($config)) {
        $container
            ->getDefinition($listenerId)
            ->addTag('security.remember_me_aware', array('id' => $id, 'provider' => $userProviderId))
        ;
    }

Answer 5

You can try this:

firewalls:                   
    secured_area:
        pattern:    ^/
        anonymous: ~
        form_login:
            csrf_provider: form.csrf_provider
            login_path:  login
            check_path:  login_check
            always_use_default_target_path: true
            default_target_path: /the-cao
            remember_me: true
        logout:
            path: /logout
            target: /
        remember_me:
            key:      "%secret%"
            lifetime: 31536000 # 365 days in seconds
            path:     /
            domain:   ~ # Defaults to the current domain from $_SERVER