Symfony 3.4.20和FOSUserBundle - '记住我'不工作
With the following relevant configuration in security.yml
:
security:
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern:
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
logout: true
anonymous: true
logout_on_user_change: true
remember_me:
secret: '%secret%'
secure: true
httponly: true
lifetime: 31536000
The remember me session token is only lasting for the browser session rather than the year as specified in the configuration. Could this be due to the secure: true
setting? My development machine doesn't have any TLS installed, so could that be the culprit? Or is there something else I should be looking for? From looking at the documentation, it looks like I'm setting things up correctly, so I'm at a bit of a loss.
在 记住我会话令牌仅持续浏览器会话而不是配置中指定的年份。 这可能是由于 security.yml code>中使用以下相关配置: p>
\ n
security:
firewalls:
#禁用资产和分析器的身份验证,根据需要进行调整
dev:
pattern:^ /(_(profiler | wdt)| css | images | js)/
security:false
main:
pattern:
form_login:
provider:fos_userbundle
csrf_token_generator:security.csrf.token_manager
logout:true
anonymous:true
logout_on_user_change:true
remember_me:
secret:'%secret%'
secure:true
httponly:true
lifetime:31536000
code> pre>
secure:true code>设置造成的? 我的开发机器没有安装任何TLS,那么这可能是罪魁祸首吗? 或者还有其他我应该寻找的东西? 通过查看文档,看起来我正在正确设置 ,所以我有点失落。 p>
div>
Turns out my gut feeling about secure: true
was correct. I set it to false
during a test, and the cookie was correct. Since my development machine doesn't have SSL/TLS, it can't send a secure cookie if that's what's configured. It should work on my production server, given I do have working SSL/TLS in that environment.