Remember Me functionality not working in Symfony2

鱼传尺愫 2020-12-14 21:44

I have implemented remember me functionality in Symfony2. When I log in with remember me box checked, cookie named "REMEMBERME" gets created. That cookie is also available

10 answers
  • 2020-12-14 22:04

    John.

    I have the same issue as you do (or did). What I've found is that when I am (Symfony2 actually =) ) setting the REMEMBERME cookie on line 101 of the /vendor/symfony/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeService.php file, $user->getPassword() returns NULL, so the cookie gets its hash calculated with a NULL password value.

    What happens next is that when you return to your site, fully confident that you will be automatically authenticated, Symfony begins to check your cookie in the same file as above, but on line 58 it finds that the cookie hash is not the same as it expects and throws an exception('The cookie\'s hash is invalid.'), internally catches it and proceeds somewhere.

    So that is why in my case the cookie doesn't work.

    I haven't found a solution yet, but I will dig for it and maybe I'll get lucky.

    Hope your issue is the same and the solution will help us both.

    The Solution:

    When implementing eraseCredentials(), which claims to be used to erase sensitive user data from UserInterface, do not perform $this->password = null. I made this mistake because I didn't understand its purpose. You can take a glance at Symfony 2 Logout (UserInterface::eraseCredentials) for a little bit of explanation. So it serializes the token object and we are in trouble.

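The failure described in the answer above, as an added example that is not part of the original post and is not Symfony's code: a simplified model of a remember-me cookie whose MAC covers the stored password hash. `SECRET`, `User`, `cookieHash`, `issueCookie` and `verifyCookie` are hypothetical names, and the cookie layout is an assumption made for illustration. The cookie issued after `eraseCredentials()` nulled the password fails verification against the user reloaded from storage, while the one issued before it verifies.

```php
<?php
// Simplified model of a password-bound remember-me cookie. Added example:
// SECRET, User and the function names are assumptions, not Symfony's code.
const SECRET = 'constructed-demo-secret';

final class User
{
    public function __construct(public string $username, public ?string $password) {}

    // The mistake from the answer: wiping the stored password hash.
    public function eraseCredentials(): void { $this->password = null; }
}

// The MAC covers the stored password hash, so changing the password revokes old cookies.
function cookieHash(string $username, int $expires, ?string $password): string
{
    return hash_hmac('sha256', $username . ':' . $expires . ':' . $password, SECRET);
}

function issueCookie(User $user, int $expires): string
{
    $hash = cookieHash($user->username, $expires, $user->password);
    return base64_encode(implode(':', [base64_encode($user->username), $expires, $hash]));
}

// $fresh is the user as reloaded from storage on the returning request.
function verifyCookie(string $cookie, User $fresh, int $now): bool
{
    $parts = explode(':', (string) base64_decode($cookie, true));
    if (count($parts) !== 3 || !ctype_digit($parts[1]) || (int) $parts[1] < $now) {
        return false; // malformed or expired
    }
    $expected = cookieHash($fresh->username, (int) $parts[1], $fresh->password);
    return hash_equals($expected, $parts[2]); // constant-time comparison
}

$now = 1700000000;                              // constructed timestamp
$stored = '$2y$10$constructed.hash.for.demo';   // constructed password hash

$user = new User('john', $stored);
$cookieOk = issueCookie($user, $now + 3600);    // issued while the hash is present
$user->eraseCredentials();
$cookieBad = issueCookie($user, $now + 3600);   // issued after the hash was nulled

$reloaded = new User('john', $stored);          // what the user provider returns later
var_dump(verifyCookie($cookieOk, $reloaded, $now));
var_dump(verifyCookie($cookieBad, $reloaded, $now));
```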
  • 2020-12-14 22:04

    In my case it was a wrong implementation of the supportsClass method of my userProvider, which in turn caused an exception in the TokenBasedRememberMeService class on line 43 (thrown by getUserProvider, and caught elsewhere, thus failing silently). Digging in the path shown by Dmitry made me solve the issue.

  • 2020-12-14 22:06

    You should also make sure your "remember_me" input in the login form does not have the value attribute:

    This is correct:

    <input type="checkbox" id="remember_me" name="_remember_me" />
    

    But this will not work:

    <input type="checkbox" id="remember_me" name="_remember_me" value="" />
    

    If you are using form_login, check also that remember_me is enabled in security.yml:

    firewalls:
        main:
            form_login:
                # ...
                remember_me: true
    
  • 2020-12-14 22:08

    In my case I had implemented a custom Login Handler which was returning a RedirectResponse as per the documentation. It turns out that this makes Symfony bypass the standard login routine, causing the REMEMBERME cookie not to be created/stored.

    I had to remove the Login Handler and implement a custom Login Listener with all the needed logic.

    You can see how to implement a Login Listener here
