douzhu1188
2019-04-17 01:26
浏览 40
已采纳

Symfony 3.4.20和FOSUserBundle - '记住我'不工作

With the following relevant configuration in security.yml:

security:
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern:
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager

            logout:       true
            anonymous:    true
            logout_on_user_change: true
            remember_me:
                secret: '%secret%'
                secure: true
                httponly: true
                lifetime: 31536000

The remember me session token is only lasting for the browser session rather than the year as specified in the configuration. Could this be due to the secure: true setting? My development machine doesn't have any TLS installed, so could that be the culprit? Or is there something else I should be looking for? From looking at the documentation, it looks like I'm setting things up correctly, so I'm at a bit of a loss.

图片转代码服务由CSDN问答提供 功能建议

security.yml 中使用以下相关配置: \ n

  security:
 firewalls:
#禁用资产和分析器的身份验证,根据需要进行调整
 dev:
 pattern:^ /(_(profiler | wdt)| css |  images | js)/ 
 security:false 
 
 main:
 pattern:
 form_login:
 provider:fos_userbundle 
 csrf_token_generator:security.csrf.token_manager 
 
 logout:true 
 anonymous:true  
 logout_on_user_change:true 
 remember_me:
 secret:'%secret%'
 secure:true 
 httponly:true 
 lifetime:31536000 
   
 
 

记住我会话令牌仅持续浏览器会话而不是配置中指定的年份。 这可能是由于 secure:true 设置造成的? 我的开发机器没有安装任何TLS,那么这可能是罪魁祸首吗? 或者还有其他我应该寻找的东西? 通过查看文档,看起来我正在正确设置 ,所以我有点失落。

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douyi1982 2019-04-18 02:13
    已采纳

    Turns out my gut feeling about secure: true was correct. I set it to false during a test, and the cookie was correct. Since my development machine doesn't have SSL/TLS, it can't send a secure cookie if that's what's configured. It should work on my production server, given I do have working SSL/TLS in that environment.

    点赞 打赏 评论

相关推荐 更多相似问题