remember me cookie cannot be set from the Action Controller

[hmuller]

This is common pattern when user clicks confirmation token.
I'm unable to set remember me in clean way.

[alexandresalome]

Can you explain more? I don't get it.

[vicb]

Closing this as it is unclear and no feedback has been provided.

[Seldaek]

I guess what he wants is to set a remember me cookie programmatically from any action. I agree this would be useful for some use cases. Right now figuring out how to do this is quite non trivial since it is done automagically deep into Security-land. If you don't mind I reopen.

[albyrock87]

This would be very useful for me: I'm using MultiPass library and I'm authenticating users with Fb/Google/twitter/... and I want to persist the login, but I cant do that inside the controller.
I'm doing an ugly workaround right now:

$rememberMeService = new TokenBasedRememberMeServices(
                array($userRepo),
                $secretkey, $firewallname, array(
                'path' => '/',
                'name' => 'REMEMBERME',
                'domain' => null,
                'secure' => false,
                'httponly' => true,
                'lifetime' => 2592000, // 30 days
                'always_remember_me' => true,
                'remember_me_parameter' => '_remember_me')
            );

[asm89]

I've looked into this and it is possible to set a the cookie from a controller action, but it requires quite some work. You need to:

• know the name of the firewall you want the rememberme services for
• alias the service because it is private
• call the RememberMeServicesInterface#loginSuccess() method with a request object, the response that is going to be returned and the active security token

Finally, if your rememberme services are not configured to always set the remember me cookie, you need to "fake" the remember_me_parameter because the cookie will not be set otherwise.

All of this is a tricky, but I personally don't see a straightforward way to make this process a lot easier without refactoring quite a bit (for example, the rememberme services being dependent on a firewall name).

@albyrock87 For your usecase I think you should consider to implement your authentication scheme as an authentication provider. Right now I guess you're doing everything in a controller?

[albyrock87]

@asm89 Yes, I'm using a controller, but you're right, I should consider to implement an authentication provider :)

[asm89]

@albyrock87 Not sure what you're authenticating against, but I'd like to shamelessly plug HWIOAuthBundle which supports facebook/google/twitter etc. ;)

[albyrock87]

@asm89 Thank you very, very much! I searched for something like that in packagist.org, but I didn't found HWIOAuthBundle weeks ago! That's awesome!

[stof]

Here is the logic written by @schmittjoh to fix this in FOSUserBundle a few days ago: https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Security/LoginManager.php
Such helper class should probably be moved to the core for 2.2

[xphere]

Was the LoginManager moved to the Security component after all? It would be a nice addition. If not, maybe it would be a nice move to extract it to a stand-alone SecurityHelper package, besides some other classes not FOSUser specific.

[Koc]

FriendsOfSymfony/FOSUserBundle#747

[ghost]

also related to #6904

[gondo]

i just hit this wall, any update?

[Flo-Raf]

I think this issue can be closed because there is no activity for 1 year and all the pull requests have been closed