With the following relevant configuration in security.yml:
security:
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern:
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
logout: true
anonymous: true
logout_on_user_change: true
remember_me:
secret: '%secret%'
secure: true
httponly: true
lifetime: 31536000
The remember me session token is only lasting for the browser session rather than the year as specified in the configuration. Could this be due to the secure: true setting? My development machine doesn't have any TLS installed, so could that be the culprit? Or is there something else I should be looking for? From looking at the documentation, it looks like I'm setting things up correctly, so I'm at a bit of a loss.
答案 0 :(得分:0)
证明我对secure: true的直觉是正确的。我在测试期间将其设置为false,并且cookie是正确的。由于我的开发机器没有SSL / TLS,因此如果配置了它,它就无法发送安全cookie。鉴于我在该环境中确实可以使用SSL / TLS,因此它应该可以在我的生产服务器上使用。