为什么RememberMe在Symfony2中无法正常工作?
[英]Why is RememberMe Not Working properly in Symfony2?
问题描述
I have used the key “remember_me” in my file “ security.yml ”, in order to use the remember_me functionality of Symfony. 
为了使用Symfony的Remember_me功能,我在文件security.yml中使用了键“ remember_me” 。 I have used a lifetime of a week (please see my security.yml file below) . 我已经使用了一个星期的生命(请在下面查看我的security.yml文件) 。 I am using Symfony version 2.8.48 and friendsofsymfony/user-bundle versionv 2.0.1. 我正在使用Symfony版本2.8.48和friendsofsymfony /用户捆绑版本2.0.1。
So after I successfully login to my website through my login form, the REMEMBERME cookie is perfectly set and I can see it on my navigator (google Chrome), with the Expires / Max-Age being correctly set for a week later (on the screenshot, expires at Novembre 7th since the login has been made on Octobre 31st). 因此,当我通过登录表单成功登录到我的网站后,便完美设置了REMEMBERME Cookie,并且可以在导航器 (google Chrome) 上看到它,并且Expires / Max-Age在一周后正确设置了 (在屏幕截图中) ,自从10月31日进行登录以来,过期时间为11月7日。
But around one or two hours after closing the tab of my website page, if I come back to my website, although the REMEMBERME cookie still appears on my navigator, I am already disconnected . 但是, 在关闭我的网站页面的选项卡后大约一两个小时 ,如果我返回我的网站,尽管REMEMBERME cookie仍然出现在我的导航器中,但我已经断开了连接 。
How is that possible? 那怎么可能? Why does the remember_me functionality does not work? 为什么Remember_me功能不起作用? I followed the exact set-up on the Symfony documentation with the following link: 我通过以下链接遵循了Symfony文档上的确切设置:
https://symfony.com/doc/2.8/security/remember_me.html https://symfony.com/doc/2.8/security/remember_me.html
In my login form, I have also added the input with name remember_me, in the form of a checkbox (check my snippet below) 在我的登录表单中,我还以复选框的形式添加了名称为“ remember_me”的输入(请查看下面的代码段)
Is it a problem related to the session parameter in my file config.yml? 这与我的文件config.yml中的session参数有关吗? Is it related to the cookie_lifetime parameter? 它与cookie_lifetime参数有关吗?
Plus, if I want to investigate, where should I start. 另外,如果我想调查,应该从哪里开始。 Where is the information “check if there is a remember_me cookie” triggered in Symfony and what handler automatically checks if there is a remember_me cookie ? Symfony中触发的“检查是否有一个Remember_me cookie”信息在哪里,哪个处理程序会自动检查是否存在一个Remember_me cookie?
Thank you in advance. 先感谢您。
My security.yml file 我的security.yml文件
main_firewall:
pattern: ^/
anonymous: false
context: general_context
entry_point: my_custom_authentication_entry_point
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
default_target_path: my_custom_target_path
use_forward: false
use_referer: true
post_only: true
username_parameter: _username
password_parameter: _password
success_handler: my_custom_handler
failure_handler: my_custom_handler
require_previous_session: false
csrf_token_generator: security.csrf.token_manager
logout: true
remember_me:
secret: '%secret%'
lifetime: 604800
path: /
always_remember_me: true
My config.yml file (only the session part): 我的config.yml文件(仅会话部分):
framework:
session:
# handler_id set to null will use default session handler from php.ini
handler_id: ~
My login.html.twig (simplified version for the purpose of this question): 我的login.html.twig(此问题的简化版本):
<form action="{{ path("fos_user_security_check") }}" method="post">
<h2>{{ 'login.label.email'|trans }}</h2>
<input id="email" type="email" name="_username" placeholder="{{ 'login.placeholder.email'|trans }}">
<h2>{{ 'login.label.password'|trans }}</h2>
<input id="password" class="AS-new-form-input AS-new-form-input-full-width" type="password" name="_password" placeholder="{{ 'login.placeholder.password'|trans }}">
<div class="hidden">
<input type="checkbox" id="remember_me" name="_remember_me" checked />
<label for="remember_me">{{ 'login.label.remember_me'|trans }}</label>
</div>
<input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}"/>
<button type="submit">{{ 'login.action.connect'|trans }}</button>
</form>
A last small precision, my login form is handled with ajax. 最后一个小精度,我的登录表单是用ajax处理的。 So I use the following to submit the login form 因此,我使用以下内容提交登录表单
var username = ///I get the value from my input
var password = ///I get the value from my input
var csrfToken = ///I get the value from my input
$.ajax({
url: Routing.generate('login_check'),
type: 'POST',
data: {_username: username,_password: password ,_csrf_token: csrfToken, _remember_me: true},
success: function(data, statusText, xhr) {
///execute my function////
}
});
Please find also the screenshot of my navigator console below 请在下面找到我的导航器控制台的屏幕截图
Extra Information Based on The FIrst Answers 基于第一答案的额外信息
So based on the first comment I got from Jovan, I updated the parameter session.cookie_lifetime and set it to 604800 因此,根据我从Jovan获得的第一条评论,我更新了参数session.cookie_lifetime并将其设置为604800
session:
cookie_lifetime: 604800
The difference now is that the PHPSESSID cookie has the correct expiry date (show by screenshot below) => I connected my user on November 1st and Expiry date is November 8th. 现在的区别在于,PHPSESSID cookie具有正确的到期日期(如下面的屏幕快照所示)=>我在11月1日连接了我的用户,而到期日期是11月8日。
Although it took me longer to get disconnected, I still get disconnected a few hours after closing my tab (with the cookie lifetime around 5 hours to get disconnected, without it, it took 1 or 2 hours). 尽管断开连接花费了更长的时间,但关闭选项卡后,我仍然保持断开连接的状态(Cookie的寿命大约为5个小时,而断开连接则需要1或2个小时)。
I also tried to var_dump ini_get('session.gc_maxlifetime'); 我还尝试了var_dump ini_get('session.gc_maxlifetime'); and I get 1440. 我得到1440
Do you think it is related to the session lifetime on the server side? 您是否认为这与服务器端的会话生存期有关? Should I update the session.gc_maxlifetime parameter?? 我应该更新session.gc_maxlifetime参数吗? Should I update the php.ini file on the server side?? 我应该在服务器端更新php.ini文件吗?
Any ides of other reasons why I keep getting disconnected? 其他原因导致我与他人断开连接的原因是什么?
2 个解决方案
解决方案1
0 2018-11-01 10:26:19
The cookie REMEMBERME does seem valid, but looking into PHPSESSID reveals that it went full circle or went backwards in terms of expiry date. cookie REMEMBERME看起来确实有效,但是调查PHPSESSID发现它的有效期已满或倒退。 In any case, your cookie is being issued with with already expired date. 无论如何,您的Cookie的发布日期已经过期。
So, you can either set the session cookie timeout in you php.ini or in your Symfony config. 因此,您可以在php.ini或Symfony配置中设置会话cookie超时。 I prefer the later: 我更喜欢后者:
symfony.com > Session Cookie Lifetime symfony.com>会话Cookie生存期
The cookie_lifetime setting is the number of seconds the cookie should live for, it is not a Unix timestamp.
According to above, please note that cookie_lifetime is relative value . 根据以上内容,请注意cookie_lifetime是相对值 。
Hope this helps a bit... 希望这个对你有帮助...
解决方案2
0 2018-11-08 16:22:14
So I managed to solve my problem in the end. 所以我最终解决了我的问题。
I made two changes. 我做了两个更改。
The first one: I changed the save_path of my user session, thanks to the parameter framework.session.save_path in the file config.yml. 第一个:由于文件config.yml中的参数framework.session.save_path,我更改了用户会话的save_path。 I changed it to a path within my symfony repository instead of having "/home/my-user-name/admin/tmp" on my shared server.. 我将其更改为symfony存储库中的路径,而不是在共享服务器上使用“ / home / my-user-name / admin / tmp”。
The second one: I modified the php.ini file on my shared server, and updated the session.gc_maxlifetime to 604800. 第二个:我在共享服务器上修改了php.ini文件,并将session.gc_maxlifetime更新为604800。
I don't know which one of these two changes made it work, but it is working fine now. 我不知道这两个更改中的哪一个使它起作用,但是现在它可以正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.