Problem with sfRemember cookie / sfGuard Remember me

Question

I'm using Symfony 1.4 with Doctrine.

Sorry if this is a silly question but what exactly does one need to build on top of the sfDoctrineGuardPlugin to get the "remember me" functionality working?

When I login a user, the sfRemember cookie is created with the default 15-day lifetime, and the remember key is saved in the plugin's sf_guard_remember_key table.

Without any tweaks to the plugin, the sfGuardSecurityUser SignIn() method creates the cookie, but the Signout() method erases it, leaving no cookie unless you're logged in!

Signin():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, $key, time() + $expiration_age);

Signout():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, '', time() - $expiration_age);

I can see that the database table saves the cookie as a relation of sf_guard_user, but that's not much good if the cookie is gone....

I'd be grateful if someone could tell me what I'm missing here, and ideally, if I prevent the Signout() method from removing the cookie, do I need to write code to read the cookie myself or is this automated somewhere/somehow? I've got box-standard Symfony 1.4 and sfDoctrineGuardPlugin installations.

It all just seems totally wrong and the documentation on this is non-existent.

Any help would appreciated.

Answer 1

Why would you want to keep the remember cookie after the user has logged out?

It's sole purpose is to keep the user logged in, even after his current session has timed out - hence the cookie. It means if he closes the browser (and the session cookie is deleted), he'll get logged in with the remember cookie automatically the next time he visits the site.

But if he logs out, we want to completely log him out - this is why clearing the remember cookie is neccesary.