Commit 9fe742d

Added some more docs about the remember me feature
1 parent 31e613a commit 9fe742d

1 file changed

+36
-9
lines changed

cookbook/security/remember_me.rst

Lines changed: 36 additions & 9 deletions
@@ -16,17 +16,29 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
1616
1717
# app/config/security.yml
1818
firewalls:
19-
main:
19+
default:
20+
# ...
2021
remember_me:
2122
key: "%secret%"
2223
lifetime: 604800 # 1 week in seconds
2324
path: /
25+
# by default, the feature is enabled using
26+
# a checkbox in the login form (see below),
27+
# uncomment the below lines to always enable
28+
# it.
29+
#always_remember_me: true
2430
2531
.. code-block:: xml
2632
2733
<!-- app/config/security.xml -->
2834
<config>
29-
<firewall>
35+
<firewall name="default">
36+
<!-- ... -->
37+
38+
<!-- by default, the feature is enabled using
39+
a checkbox in the login form (see below),
40+
add always-remember-me="true" to always
41+
enable it. -->
3042
<remember-me
3143
key = "%secret%"
3244
lifetime = "604800" <!-- 1 week in seconds -->
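Review bot: In the XML block, the added comment tells readers to add ``always-remember-me="true"`` but never shows the attribute, while the YAML block carries a ready-to-uncomment ``#always_remember_me: true`` line; show the attribute where it belongs on the ``<remember-me`` element so the three formats stay equivalent. Since this block is being touched anyway, the context line ``lifetime = "604800" <!-- 1 week in seconds -->`` puts a comment inside a start tag, which is not well-formed XML, so that comment should move above the element.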
@@ -40,11 +52,17 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
4052
// app/config/security.php
4153
$container->loadFromExtension('security', array(
4254
'firewalls' => array(
43-
'main' => array(
55+
'default' => array(
56+
// ...
4457
'remember_me' => array(
4558
'key' => '%secret%',
4659
'lifetime' => 604800, // 1 week in seconds
4760
'path' => '/',
61+
// by default, the feature is enabled using
62+
// a checkbox in the login form (see below),
63+
// uncomment the below lines to always enable
64+
// it.
65+
//'always_remember_me' => true,
4866
),
4967
),
5068
),
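Review bot: The comment above ``//'always_remember_me' => true,`` says "uncomment the below lines", but there is only one line to uncomment (the YAML block in the previous hunk has the same wording). Suggest "uncomment the following line to always enable it", and say in the comment that this ignores the login form checkbox, which is how the option reference describes it: enabled "regardless of the desire of the end user".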
@@ -94,21 +112,30 @@ The ``remember_me`` firewall defines the following configuration options:
94112
"Remember Me" feature is always enabled, regardless of the desire of the
95113
end user.
96114

115+
``token_provider`` (default value: ``null``)
116+
Defines the service id of a token provider to use. By default, tokens are
117+
stored in a cookie. For example, you might want to store the token in a
118+
database, to not have a (hashed) version of the password in a cookie. The
119+
DoctrineBridge comes with a
120+
``Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider`` that
121+
you can use.
122+
97123
Forcing the User to Opt-Out of the Remember Me Feature
98124
------------------------------------------------------
99125

100126
It's a good idea to provide the user with the option to use or not use the
101127
remember me functionality, as it will not always be appropriate. The usual
102128
way of doing this is to add a checkbox to the login form. By giving the checkbox
103-
the name ``_remember_me``, the cookie will automatically be set when the checkbox
104-
is checked and the user successfully logs in. So, your specific login form
105-
might ultimately look like this:
129+
the name ``_remember_me`` (or the name you configured using ``remember_me_parameter``),
130+
the cookie will automatically be set when the checkbox is checked and the user
131+
successfully logs in. So, your specific login form might ultimately look like
132+
this:
106133

107134
.. configuration-block::
108135

109136
.. code-block:: html+jinja
110137

111-
{# src/Acme/SecurityBundle/Resources/views/Security/login.html.twig #}
138+
{# app/Resources/views/security/login.html.twig #}
112139
{% if error %}
113140
<div>{{ error.message }}</div>
114141
{% endif %}
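Review bot: The new ``token_provider`` entry is vague on the one point that matters for security. "By default, tokens are stored in a cookie" followed by "to not have a (hashed) version of the password in a cookie" leaves the reader guessing what the default cookie contains and what is still sent to the browser once a provider is configured. State both explicitly, and add a short configuration example that sets ``token_provider`` to a service id for the ``DoctrineTokenProvider``, since the entry only names the class and not how to wire it.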
@@ -128,7 +155,7 @@ might ultimately look like this:
128155

129156
.. code-block:: html+php
130157

131-
<!-- src/Acme/SecurityBundle/Resources/views/Security/login.html.php -->
158+
<!-- app/Resources/views/security/login.html.php -->
132159
<?php if ($error): ?>
133160
<div><?php echo $error->getMessage() ?></div>
134161
<?php endif ?>
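Review bot: The context line ``<div><?php echo $error->getMessage() ?></div>`` in this PHP template prints the error message without escaping. The Twig version of the same form gets autoescaping for ``{{ error.message }}``, but PHP templates do not, so the documented example should be ``<?php echo $view->escape($error->getMessage()) ?>``. Worth fixing in this commit since the block is already being edited.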
@@ -150,7 +177,7 @@ might ultimately look like this:
150177
The user will then automatically be logged in on subsequent visits while
151178
the cookie remains valid.
152179

153-
Forcing the User to Re-authenticate before Accessing certain Resources
180+
Forcing the User to Re-Authenticate before Accessing certain Resources
154181
----------------------------------------------------------------------
155182

156183
When the user returns to your site, they are authenticated automatically based
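Review bot: The heading now capitalises "Re-Authenticate" but still leaves "certain" in lower case, so the title case remains inconsistent. Suggest "Forcing the User to Re-Authenticate before Accessing Certain Resources"; the underline needs no change because the title length stays the same.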
