@@ -16,17 +16,27 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
1616
1717 # app/config/security.yml
1818 firewalls :
19- main :
19+ default :
20+ # ...
2021 remember_me :
2122 key : " %secret%"
2223 lifetime : 604800 # 1 week in seconds
2324 path : /
25+ # by default, the feature is enabled by checking a
26+ # checkbox in the login form (see below), uncomment the
27+ # below lines to always enable it.
28+ # always_remember_me: true
2429
2530code-block :: xml
2631
2732 <!-- app/config/security.xml -->
2833 <config >
29- <firewall >
34+ <firewall name =" default"
35+ <!-- ... -->
36+
37+ <!-- by default, the feature is enabled by checking a checkbox
38+ in the login form (see below), add always-remember-me="true"
39+ to always enable it. -->
3040 <remember-me
3141 key = " %secret%"
3242 lifetime = " 604800"
@@ -40,11 +50,16 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
4050 // app/config/security.php
4151 $container->loadFromExtension('security', array(
4252 'firewalls' => array(
43- 'main' => array(
53+ 'default' => array(
54+ // ...
4455 'remember_me' => array(
4556 'key' => '%secret%',
4657 'lifetime' => 604800, // 1 week in seconds
4758 'path' => '/',
59+ // by default, the feature is enabled by checking a
60+ // checkbox in the login form (see below), uncomment
61+ // the below lines to always enable it.
62+ //'always_remember_me' => true,
4863 ),
4964 ),
5065 ),
@@ -94,21 +109,30 @@ The ``remember_me`` firewall defines the following configuration options:
94109 "Remember Me" feature is always enabled, regardless of the desire of the
95110 end user.
96111
112+ ``token_provider `` (default value: ``null ``)
113+ Defines the service id of a token provider to use. By default, tokens are
114+ stored in a cookie. For example, you might want to store the token in a
115+ database, to not have a (hashed) version of the password in a cookie. The
116+ DoctrineBridge comes with a
117+ ``Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider `` that
118+ you can use.
119+
97120Forcing the User to Opt-Out of the Remember Me Feature
98121------------------------------------------------------
99122
100123It's a good idea to provide the user with the option to use or not use the
101124remember me functionality, as it will not always be appropriate. The usual
102125way of doing this is to add a checkbox to the login form. By giving the checkbox
103- the name ``_remember_me ``, the cookie will automatically be set when the checkbox
104- is checked and the user successfully logs in. So, your specific login form
105- might ultimately look like this:
126+ the name ``_remember_me `` (or the name you configured using ``remember_me_parameter ``),
127+ the cookie will automatically be set when the checkbox is checked and the user
128+ successfully logs in. So, your specific login form might ultimately look like
129+ this:
106130
107131.. configuration-block ::
108132
109133 .. code-block :: html+jinja
110134
111- {# src/Acme/SecurityBundle/ Resources/views/Security /login.html.twig #}
135+ {# app/ Resources/views/security /login.html.twig #}
112136 {% if error %}
113137 <div>{{ error.message }}</div>
114138 {% endif %}
@@ -128,7 +152,7 @@ might ultimately look like this:
128152
129153 .. code-block :: html+php
130154
131- <!-- src/Acme/SecurityBundle/ Resources/views/Security /login.html.php -->
155+ <!-- app/ Resources/views/security /login.html.php -->
132156 <?php if ($error): ?>
133157 <div><?php echo $error->getMessage() ?></div>
134158 <?php endif ?>
@@ -150,7 +174,7 @@ might ultimately look like this:
150174The user will then automatically be logged in on subsequent visits while
151175the cookie remains valid.
152176
153- Forcing the User to Re-authenticate before Accessing certain Resources
177+ Forcing the User to Re-Authenticate before Accessing certain Resources
154178----------------------------------------------------------------------
155179
156180When the user returns to your site, they are authenticated automatically based
0 commit comments