
Using Symfony 7.3, I have this basic security.yaml:

        form_login:
            login_path: app_login
            check_path: app_login
            enable_csrf: true
            success_handler: App\Vision\Security\EventHandler\LoginSuccessHandler
        
        logout:
            path: app_logout
            target: app_login

        remember_me:
            lifetime: 604800
            path: /
            # activated or not, same result
            #always_remember_me: true

And my custom LoginFormAuthenticator is:

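use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\Authenticator\AbstractLoginFormAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Util\TargetPathTrait;
// UserRepository is the application's own class; its namespace is not shown in the question.

class LoginFormAuthenticator extends AbstractLoginFormAuthenticator
{
    use TargetPathTrait;

    public function __construct(
        private readonly RouterInterface $router,
        private readonly UserRepository $userRepository
    ) {
    }

    public function authenticate(Request $request): Passport
    {
        $email = $request->request->get('_username');

        return new Passport(
            // Load the user by e-mail address.
            new UserBadge($email, function (string $userIdentifier) {
                return $this->userRepository->findOneBy(['email' => $userIdentifier]);
            }),
            new PasswordCredentials($request->request->get('_password')),
            // Opt this passport in to remember-me handling.
            [new RememberMeBadge()],
        );
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        $user = $token->getUser();
        // Return to the page the user originally requested, if one was stored.
        $target = $this->getTargetPath($request->getSession(), 'main');
        if (!empty($target) && $target !== '0') {
            return new RedirectResponse($target);
        }

        return new RedirectResponse($this->router->generate('app_dashboard'));
    }

    protected function getLoginUrl(Request $request): string
    {
        return $this->router->generate('app_login');
    }
}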

I then have a "remember me" checkbox in my form, but once logged in, looking at the authenticators section of the profiler, I see:

skipped "Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator"

This authenticator did not support the request.

And yes, I need to log in every 30 minutes, not every week as expected. What am I missing? How can I check or test that RememberMe works correctly? The remember-me cookie is correctly set in my browser, but it is still not working.

  • Can you add more code please? Like the class extended by your LoginSuccessHandler. Check: symfony.com/doc/current/security/custom_authenticator.html If your custom authenticator is a login form, consider extending AbstractLoginFormAuthenticator to simplify your implementation. Commented Oct 23 at 12:00
  • @Zoubinours I have updated my question, I tried a custom FormAuthenticator, but same problem Commented Nov 7 at 9:30

1 Answer


OK, I had this in my security.yaml:

access_control:
    - { path: ^/login, roles: PUBLIC_ACCESS }
    - { path: ^/, roles: IS_AUTHENTICATED_FULLY }

And according to the doc:

IS_AUTHENTICATED_FULLY: This is similar to IS_AUTHENTICATED_REMEMBERED, but stronger. Users who are logged in only because of a "remember me cookie" will have IS_AUTHENTICATED_REMEMBERED but will not have IS_AUTHENTICATED_FULLY.

I changed it to:

- { path: ^/, roles: IS_AUTHENTICATED }

And it works.
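
One way to cover the "how to check or test" part of the question, as an added example that is not code from the question or the answer: a functional test that logs in with the box ticked, discards the session, and checks what the remember-me cookie alone grants. The test user, the `Sign in` button label, and the `/dashboard` and `/account/password` URLs are assumptions, as is an extra `IS_AUTHENTICATED_FULLY` rule on the latter path.

```php
<?php
// Added example (not the asker's code). Assumed/constructed: the test user,
// the "Sign in" button label, the /dashboard and /account/password URLs.

namespace App\Tests\Security;

use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

final class RememberMeTest extends WebTestCase
{
    /** Log in through the real form (so the CSRF field is sent), then lose the session. */
    private function loginThenDropSession(): KernelBrowser
    {
        $client = static::createClient();
        $form = $client->request('GET', '/login')->selectButton('Sign in')->form([
            '_username' => 'user@example.test',   // constructed fixture user
            '_password' => 'constructed-password',
        ]);
        $form['_remember_me']->tick();            // default remember_me_parameter
        $client->submit($form);

        $jar = $client->getCookieJar();
        $cookie = $jar->get('REMEMBERME');        // default remember-me cookie name
        self::assertNotNull($cookie, 'login did not issue a remember-me cookie');

        // Simulate session expiry: keep only the remember-me cookie.
        $jar->clear();
        $jar->set($cookie);

        return $client;
    }

    public function testRememberedUserReachesOrdinaryPages(): void
    {
        $client = $this->loginThenDropSession();
        $client->request('GET', '/dashboard');

        // Fails with a redirect to /login while "^/" requires IS_AUTHENTICATED_FULLY.
        self::assertResponseIsSuccessful();
    }

    public function testSensitivePageStillRequiresFreshLogin(): void
    {
        $client = $this->loginThenDropSession();
        $client->request('GET', '/account/password');

        // Assumes a rule { path: ^/account/password, roles: IS_AUTHENTICATED_FULLY }
        // placed above the "^/" rule: a remembered user is sent back to the form.
        self::assertResponseRedirects('/login');
    }
}
```

Because `access_control` uses the first matching rule, the stricter rule for the sensitive path has to appear before the catch-all `^/` entry.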
