remember-me

Create a symfony2 remember me cookie manually (FOSUserBundle)

不想你离开。 submitted on 2019-11-30 00:54:24
Could somebody explain how you can manually create a remember me cookie in a controller? I want the users to stay logged in after they pressed the "register" button, without having to log in with their credentials afterwards. I've tried to create a cookie manually but I'm guessing the cookie value is incorrect, and therefore the "remember me" functionality doesn't work. A cookie with the correct name gets set. I've checked that. The remember me functionality works as expected when using the normal login procedure with the user's credentials. security.yml security.yml remember me security:

“Remember Me On This Computer” - How Should It Work?

旧时模样 submitted on 2019-11-29 20:20:26
Looking at Gmail's cookies it's easy to see what's stored in the "remember me" cookie. The username/one-time-access-token. It could be implemented differently in cases where the username is secret, as well. But whatever... the thing is not very high security: you steal the cookie and you're ready to go. My question is on the functional side, however: when do you wipe their access tokens? If a user logs in without clicking "remember me" on another machine, should it invalidate their access tokens on all machines? I'm asking about how this is traditionally implemented, and also how it should be

Best way for hashing a “remember me” cookie token

夙愿已清 submitted on 2019-11-29 19:59:00
Question: I'm trying to implement a "remember me" feature, following the guidelines provided here: The definitive guide to form-based website authentication, and here: http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/ It appears that the "cookie token" should be hashed when stored in DB (if an attacker has access to DB, unhashed tokens look like plain login/passwords, allowing to log in on the website). Looking for a good hashing algorithm, I've found this recommended

Symfony2: “Remember me” tries to authenticate by username instead of email

泪湿孤枕 submitted on 2019-11-29 16:51:12
I have an application with user authentication against database. The property I use is email: providers: administrators: entity: class: CorabMainBundle:User property: email Authentication works great! But I have huge problems getting the remember me functionality to work. After several hours I think I found the problem but I don't know how to solve it... Symfony2 seems to try to authenticate with the username instead of email in case of remember me. dev.log says the following: [2013-10-21 23:49:19] security.DEBUG: Remember-me cookie detected. [] [] [2013-10-21 23:49:19] doctrine.DEBUG: SELECT

Laravel 4 Remember me expire time

半腔热情 submitted on 2019-11-29 02:49:54
Question: I am fairly new to Laravel and had a question regarding the remember me function. I have successfully enabled the "remember me" function by attaching a second argument to the Auth::attempt method like so. if (Auth::attempt(array('email' => $email, 'password' => $password), true)) { // The user is being remembered... } As noted in the documentation, this enables remember me indefinitely or until a user manually logs out. I essentially want to set an expire date on the "remember me" function.

Best practice for remember me feature [duplicate]

我的未来我决定 submitted on 2019-11-28 23:54:47
This question already has an answer here: What is the best way to implement “remember me” for a website? [closed] 4 answers I am using 2 variables in cookie (7 day expiration) which is user id and hash. Hash is sha1 encode of user agent and user id. In this case some hacker can login who is know stolen cookie's browser. Which way should I follow or which practice is best for remember me security problems? While you can hash a user_id and secret_key, anyone who intercepts this cookie can log in to your application. In addition to this, you can make it so that your remember me cookies go stale

Create a symfony2 remember me cookie manually (FOSUserBundle)

牧云@^-^@ submitted on 2019-11-28 21:41:14
Question: Could somebody explain how you can manually create a remember me cookie in a controller? I want the users to stay logged in after they pressed the "register" button, without having to log in with their credentials afterwards. I've tried to create a cookie manually but I'm guessing the cookie value is incorrect, and therefore the "remember me" functionality doesn't work. A cookie with the correct name gets set. I've checked that. The remember me functionality works as expected when using the

Remember Me functionality not working in Symfony2

只愿长相守 submitted on 2019-11-28 21:32:03
I have implemented remember me functionality in Symfony2. When I log in with remember me box checked, cookie named "REMEMBERME" gets created. That cookie is also available if I close browser and open it after many hours. But when I load home page of my application, the cookie gets automatically deleted and I see no user logged in. Can anyone explain me the reason for cookie deletion? remember_me: key: qwerty lifetime: 604800 path: / domain: ~ This is my security.yml file section EDIT: I have still not found the solution to this question... EDIT2: Now got new problem. The REMEMBERME cookie does

Log user in with remember-me functionality in Spring 3.1

房东的猫 submitted on 2019-11-28 17:57:35
I currently log users in programmatically (like when they log in through Facebook or other means than using my login form) with: SecurityContextHolder.getContext().setAuthentication( new UsernamePasswordAuthenticationToken(user, "", authorities) ); What I want to do instead is log the user in as if they set the remember-me option on in the login form. So I'm guessing I need to use the RememberMeAuthenticationToken instead of the UsernamePasswordAuthenticationToken? But what do I put for the key argument of the constructor? RememberMeAuthenticationToken(String key, Object principal, Collection<

“Remember Me On This Computer” - How Should It Work?

旧巷老猫 submitted on 2019-11-28 16:26:25
Question: Looking at Gmail's cookies it's easy to see what's stored in the "remember me" cookie. The username/one-time-access-token. It could be implemented differently in cases where the username is secret, as well. But whatever... the thing is not very high security: you steal the cookie and you're ready to go. My question is on the functional side, however: when do you wipe their access tokens? If a user logs in without clicking "remember me" on another machine, should it invalidate their access