I'm using Symfony 1.4 with Doctrine.

Sorry if this is a silly question but what exactly does one need to build on top of the sfDoctrineGuardPlugin to get the "remember me" functionality working?

When I login a user, the sfRemember cookie is created with the default 15-day lifetime, and the remember key is saved in the plugin's sf_guard_remember_key table.

Without any tweaks to the plugin, the sfGuardSecurityUser SignIn() method creates the cookie, but the Signout() method erases it, leaving no cookie unless you're logged in!

Signin():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, $key, time() + $expiration_age);

Signout():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, '', time() - $expiration_age);

I can see that the database table saves the cookie as a relation of sf_guard_user, but that's not much good if the cookie is gone....

I'd be grateful if someone could tell me what I'm missing here, and ideally, if I prevent the Signout() method from removing the cookie, do I need to write code to read the cookie myself or is this automated somewhere/somehow? I've got box-standard Symfony 1.4 and sfDoctrineGuardPlugin installations.

It all just seems totally wrong and the documentation on this is non-existent.

Any help would be appreciated.

+2  A: 

Why would you want to keep the remember cookie after the user has logged out?

Its sole purpose is to keep the user logged in, even after his current session has timed out - hence the cookie. It means if he closes the browser (and the session cookie is deleted), he'll get logged in with the remember cookie automatically the next time he visits the site.

But if he logs out, we want to completely log him out - this is why clearing the remember cookie is necessary.

Maerlyn
@Maerlyn: I was under the impression the functionality was something to do with facilitating login the next time the user visits (if it's inside the cookie expiration period) by retaining the username and/or password for quick access... Symfony already saves another cookie called "symfony". Sorry to be pedantic but are you sure it's as you say?
Tom
Hmm.... it's becoming clear. I guess that's one way to do it. I get it now, thanks.
Tom
@Tom: Yes, I am sure. There are two kinds of cookies: session cookies (which get deleted when you close the browser) and regular ones, that have an expiration date (i.e. delete it on 2010-04-30 12:34 UTC). The first one is used when you use the plain php $_SESSION superglobal and the other session management functions. This is what you can access via an sfUser instance. The regular one is used for the remember function simply because it's not deleted on window closure. It is still necessary to delete it when the user wishes to log out.
Maerlyn
@Maerlyn: Yep, thanks, it makes good sense now. I thought the functionality was aiming to achieve something else and hence the confusion.
Tom
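
The remember-cookie lifecycle discussed in this thread, as an added plain-PHP example (not part of the original thread and not sfDoctrineGuardPlugin's own code). The class and method names, the in-memory `$store` array standing in for the sf_guard_remember_key table, and the removal of the stored key on sign-out are assumptions of this example.

```php
<?php
// Constructed model of the remember-me lifecycle (PHP 7.4+); not plugin code.
// $store stands in for the sf_guard_remember_key table, $jar for the browser's cookies.
final class RememberMe
{
    private const COOKIE = 'sfRemember';
    private const LIFETIME = 15 * 24 * 3600; // 15 days, as in the question

    private array $store = []; // key => ['user' => ..., 'expires' => ...]

    public function signIn(string $user, array &$jar, int $now): void
    {
        $key = bin2hex(random_bytes(16)); // unguessable random key
        $this->store[$key] = ['user' => $user, 'expires' => $now + self::LIFETIME];
        $jar[self::COOKIE] = $key;        // persistent cookie: survives browser close
    }

    // Called on a request that has no live session: cookie present and valid => log in.
    public function userFromCookie(array $jar, int $now): ?string
    {
        $key = $jar[self::COOKIE] ?? null;
        if (!is_string($key) || !isset($this->store[$key])) {
            return null;
        }
        return $this->store[$key]['expires'] >= $now ? $this->store[$key]['user'] : null;
    }

    // Explicit logout: drop the server-side key (assumption) and the cookie.
    public function signOut(array &$jar): void
    {
        if (isset($jar[self::COOKIE]) && is_string($jar[self::COOKIE])) {
            unset($this->store[$jar[self::COOKIE]]);
        }
        unset($jar[self::COOKIE]);
    }
}

$rm  = new RememberMe();
$jar = [];         // constructed, empty browser cookie jar
$t0  = 1272000000; // constructed timestamp
$day = 86400;
$rm->signIn('tom', $jar, $t0);
$copy = $jar;      // a copy of the cookie value held outside the browser

echo 'browser reopened next day:  ', var_export($rm->userFromCookie($jar, $t0 + $day), true), "\n";
echo 'after the 15-day lifetime:  ', var_export($rm->userFromCookie($jar, $t0 + 16 * $day), true), "\n";
$rm->signOut($jar);
echo 'after sign-out:             ', var_export($rm->userFromCookie($jar, $t0 + $day), true), "\n";
echo 'copied cookie after logout: ', var_export($rm->userFromCookie($copy, $t0 + $day), true), "\n";
```

The last line is the reason to remove the stored key on sign-out as well as the cookie: a cookie value copied before logout is then rejected too.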