I am trying to implement remember-me functionality for my ZF2 v2.2 site. So here is what I have done so far: I created a service for the session manager to write the session to the db:
    'session' => array(
        'remember_me_seconds' => 2419200,
        'use_cookies' => true,
        'cookie_httponly' => true,
    ),

    'session_manager' => function (ServiceManager $sm) {
        $adapter = $sm->get('db_adapter');
        $config = $sm->get('app_config');
        $sessionOptions = new Session\SaveHandler\DbTableGatewayOptions();
        $sessionTableGateway = new TableGateway('tbl_session', $adapter);
        $saveHandler = new Session\SaveHandler\DbTableGateway($sessionTableGateway, $sessionOptions);
        $sessionConfig = new Session\Config\SessionConfig();
        $sessionConfig->setCookieDomain(ACTIVE_SITE);
        $sessionConfig->setCookieSecure(true);
        $sessionConfig->setOptions($config['session']);
        $sessionManager = new Session\SessionManager($sessionConfig, NULL, $saveHandler);
        $sessionManager->start();
        return $sessionManager;
    },
And used this session manager for my sessions and AuthenticationService:
    Session\Container::setDefaultManager($sm->get('session_manager'));

    'user_auth_service' => function (ServiceManager $sm) {
        $authService = new \Zend\Authentication\AuthenticationService();
        $session = new \Zend\Authentication\Storage\Session(null, null, $sm->get('session_manager'));
        $authService->setStorage($session);
        return $authService;
    },
And in my login form I use remember me:
    public function login(\User\Model\User $user)
    {
        $authAdapter = $this->getServiceLocator()->get('user_auth_adapter');
        $authAdapter->setIdentity($user->username);
        $authAdapter->setCredential($user->password);
        /* @var $authService \Zend\Authentication\AuthenticationService */
        $authService = $this->getServiceLocator()->get('user_auth_service');
        $result = $authService->authenticate($authAdapter);
        switch ($result->getCode()) {
            case \Zend\Authentication\Result::FAILURE_IDENTITY_NOT_FOUND:
            case \Zend\Authentication\Result::FAILURE_CREDENTIAL_INVALID:
                return $result->getMessages();
                break;
            case \Zend\Authentication\Result::SUCCESS:
                $user = $authAdapter->getResultRowObject(null, 'password');
                $user->rolls = $this->getServiceLocator()->get('user_role_table')->getRoles($user->id);
                $authService->getStorage()->write($user);
                getSM()->get('session_manager')->rememberMe();
                return true;
                break;
            default:
                return 'Invalid Credential Provided !';
                break;
        }
    }
But the app still doesn't remember me. What am I doing wrong here?

Edit: OH RIGHT, I remember now. The remember_me_seconds is for the server but it's no good if the client deletes the cookie. You should use both the cookie_lifetime and the remember option set to appropriate values. Try the following.
    'session' => array(
        'cookie_lifetime' => 2419200, //SEE ME
        'remember_me_seconds' => 2419200, //SEE ME
        'use_cookies' => true,
        'cookie_httponly' => true,
    ),
Let me know if it works.
I don't think the remember_me option works. I took a look at the ZF2 code and here is some indication that it is useless. Look for the //SEE ME comment.
    public function setStorageOption($storageName, $storageValue)
    {
        $key = false;
        switch ($storageName) {
            // SEE ME
            case 'remember_me_seconds':
                // do nothing; not an INI option
                return;
            case 'url_rewriter_tags':
                $key = 'url_rewriter.tags';
                break;
            default:
                $key = 'session.' . $storageName;
                break;
        }
        $result = ini_set($key, $storageValue);
        if (FALSE === $result) {
            throw new \InvalidArgumentException("'" . $key .
                "' is not a valid sessions-related ini setting.");
        }
        return $this;
    }

    /**
     * Retrieve a storage option from a backend configuration store
     *
     * Used to retrieve default values from a backend configuration store.
     *
     * @param string $storageOption
     * @return mixed
     */
    public function getStorageOption($storageOption)
    {
        switch ($storageOption) {
            // SEE ME
            case 'remember_me_seconds':
                // No remote storage option; just return the current value
                return $this->rememberMeSeconds;
            case 'url_rewriter_tags':
                return ini_get('url_rewriter.tags');
            // The following all need a transformation on the retrieved value;
            // however they use the same key naming scheme
            case 'use_cookies':
            case 'use_only_cookies':
            case 'use_trans_sid':
            case 'cookie_httponly':
                return (bool) ini_get('session.' . $storageOption);
            default:
                return ini_get('session.' . $storageOption);
        }
    }
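
The effect of cookie_lifetime discussed above can be checked from the client side by looking at the Set-Cookie header the site sends for the session cookie. The following is an added example, not code from the original posts or from Zend Framework; the function names `parseSetCookie` and `auditSessionCookie` are hypothetical, and the header strings (cookie values and expires date) are constructed samples.

```php
<?php
// Added example. Header strings below are constructed samples.

// Split one Set-Cookie header value into name, value and attributes.
function parseSetCookie($header)
{
    $parts = array_map('trim', explode(';', $header));
    list($name, $value) = array_pad(explode('=', array_shift($parts), 2), 2, '');
    $attrs = array();
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        // Attribute names are case-insensitive; flags such as Secure have no value.
        $attrs[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : true;
    }
    return array('name' => $name, 'value' => $value, 'attrs' => $attrs);
}

// Return a list of problems for a session cookie that should be remembered.
function auditSessionCookie($header, $expectedLifetime)
{
    $cookie = parseSetCookie($header);
    $a = $cookie['attrs'];
    $issues = array();
    if (!isset($a['max-age']) && !isset($a['expires'])) {
        $issues[] = 'no Expires/Max-Age: session cookie, discarded when the browser session ends';
    } elseif (isset($a['max-age']) && (int) $a['max-age'] !== $expectedLifetime) {
        $issues[] = "Max-Age {$a['max-age']} differs from expected $expectedLifetime";
    }
    // A long-lived session identifier should not be readable by script or sent over HTTP.
    foreach (array('secure' => 'Secure', 'httponly' => 'HttpOnly') as $key => $label) {
        if (!isset($a[$key])) {
            $issues[] = "missing $label";
        }
    }
    return $issues;
}

$samples = array(
    // Constructed: what a cookie_lifetime of 0 looks like (no expiry attributes)
    'PHPSESSID=constructed0001; path=/; secure; HttpOnly',
    // Constructed: what a cookie_lifetime of 2419200 (28 days) looks like
    'PHPSESSID=constructed0002; expires=Thu, 29-Jan-2026 00:00:00 GMT; Max-Age=2419200; path=/; secure; HttpOnly',
);
foreach ($samples as $header) {
    $issues = auditSessionCookie($header, 2419200);
    echo $header, "\n  => ", $issues ? implode('; ', $issues) : 'ok', "\n";
}
```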