How to configure a remember me aware listener in Symfony 2?

Question

I have implemented a custom authentication provider successfully, but now I also need to add 'remember me' functionality, and I couldn't find docs on how to do that.

I tried adding this:

remember_me:
    key: "%secret%"
    lifetime: 31536000 # 1 year
    always_remember_me: true

But it says this:

You must configure at least one remember-me aware listener (such as form-login) for each firewall that has remember-me enabled.

I found this but I'm not sure how to use it: Symfony\Component\Security\Core\Authentication\Provider\RememberMeAuthenticationProvider

So where is the RememberMeAwareInterface? (I guess there is one? Like ContainerAware) And what should I do with it?

I don't think I need to write my own implementation, the default one should work fine with my custom auth provider.

Answer 1

Did you add this to your form_login section?

form_login:
    remember_me: true

Answer 2

I was having the same issue with a custom Facebook authentication provider I wrote. The solution ended up being pretty simple:

I'll assume you implemented a custom authentication provider with a custom SecurityFactoryInterface implementation that extends from Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory. If you did this, the rest is a matter of configuration:

1. In your security configuration, configure the remember_me functionality for your firewall. Assuming you're configuring that into the public firewall, the added config params might look something like this:

   firewalls:
       public:
           remember_me:
               key:      "%secret%"
               lifetime: 31536000 # 365 days in seconds
               path:     /
               domain:   ~ # Defaults to the current domain from $_SERVER
   

2. In the same configuration, enable the remember_me functionality for your authentication provider. Assuming you're configuring that into the public firewall and your SecurityFactoryInterface implementation's getKey() method returns yourAuthProviderKey, the added config params might look something like this:

   firewalls:
       public:
           yourAuthProviderKey:
               remember_me:        true
   

3. Finally, when your Authentication Provider handles logins, make sure you request the remember me feature by having an http GET or POST parameter named _remember_me with value 1 in the http request. (Note though: this parameter might need a different name if you changed its default value in your security config.) For example, in my case, I had to tell Facebook to redirect to the following URL after it handled the authentication: http://www.mydomain.com/auth-callback/?_remember_me=1. (Note the part after the ?)

Hope this helps!

Answer 3

From Symfony 2.8, the "key" is replaced by "secret". So you will have:

remember_me:
   secret: %secret%
   lifetime: 31536000

If you run across this error, that is the fix