Reputation: 139
how symfony2 remember me work without any table for token?
I configure symfony2 to add remember me functionality, but how it work without any table in database to save remember me token. I mean some best practice for remember me cookie like what is said in here
Upvotes: 1
Views: 516
Answers (1)
Reputation: 255005
It stores the username and the token expiration together with the token class name and the signature in the single cookie.
Here is where it's being processed: https://github.com/symfony/symfony/blob/2.8/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php#L39
So the whole protection is based on using the secret token (the one you specify in parameters) and user's password.
Answering the second part of your "question" - as soon as a pure cookie-based solution does not use persistence layer, none of those "best practices" are applicable here.
symfony2 does provide built-in persistence layer support for storing remember-me tokens, and it does implement the series-based logic like it's explained in the answer you're referring to.
Upvotes: 2
Related Questions
- What is the use of laravel remember me token?
- Symfony2: remember me token is not set
- How to create custom Remember me provider in symfony
- Remember me not working
- Symfony2 - Programmatically set remember me cookie
- How to implement remember me programatically in symfony2?
- remember me symfony2 cookie deleting when closing the browser
- Symfony2 remember me authentication
- Symfony 2 & Remember me function
- Remember-Me-cookie - where to store token