sfRemember cookie / sfGuard 记住我的问题
我正在使用 Symfony 1.4 和 Doctrine。
抱歉,如果这是一个愚蠢的问题,但究竟需要在 sfDoctrineGuardPlugin 之上构建什么才能使“记住我”功能正常工作?
当我登录用户时,会创建 sfRemember cookie,默认生存期为 15 天,并且记住密钥保存在插件的 sf_guard_remember_key 表中。
在不对插件进行任何调整的情况下,sfGuardSecurityUser SignIn() 方法会创建 cookie,但 Signout() 方法会删除它,除非您登录,否则不会留下任何 cookie!
Signin():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, $key, time() + $expiration_age);
Signout():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, '', time() - $expiration_age);
我可以看到数据库表将 cookie 保存为 sf_guard_user 的关系,但是如果 cookie 消失了,那就不太好了......
如果有人能告诉我我在这里缺少什么,并且理想情况下,我将不胜感激,如果我阻止 Signout() 方法删除 cookie,我是否需要自己编写代码来读取 cookie,或者这是否在某处/以某种方式自动执行?我已经安装了盒式标准 Symfony 1.4 和 sfDoctrineGuardPlugin。
这一切似乎完全错误,而且相关文档也不存在。
任何帮助将不胜感激。
I'm using Symfony 1.4 with Doctrine.
Sorry if this is a silly question but what exactly does one need to build on top of the sfDoctrineGuardPlugin to get the "remember me" functionality working?
When I login a user, the sfRemember cookie is created with the default 15-day lifetime, and the remember key is saved in the plugin's sf_guard_remember_key table.
Without any tweaks to the plugin, the sfGuardSecurityUser SignIn() method creates the cookie, but the Signout() method erases it, leaving no cookie unless you're logged in!
Signin():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, $key, time() + $expiration_age);
Signout():
sfContext::getInstance()->getResponse()->setCookie($remember_cookie, '', time() - $expiration_age);
I can see that the database table saves the cookie as a relation of sf_guard_user, but that's not much good if the cookie is gone....
I'd be grateful if someone could tell me what I'm missing here, and ideally, if I prevent the Signout() method from removing the cookie, do I need to write code to read the cookie myself or is this automated somewhere/somehow? I've got box-standard Symfony 1.4 and sfDoctrineGuardPlugin installations.
It all just seems totally wrong and the documentation on this is non-existent.
Any help would appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为什么要在用户注销后保留记住 cookie?
它的唯一目的是让用户保持登录状态,即使在当前会话超时后也是如此——因此有了 cookie。这意味着如果他关闭浏览器(并且会话 cookie 被删除),他下次访问该网站时将自动使用记住 cookie 登录。
但如果他退出,我们希望他完全退出——这就是为什么需要清除记住cookie。
Why would you want to keep the remember cookie after the user has logged out?
It's sole purpose is to keep the user logged in, even after his current session has timed out - hence the cookie. It means if he closes the browser (and the session cookie is deleted), he'll get logged in with the remember cookie automatically the next time he visits the site.
But if he logs out, we want to completely log him out - this is why clearing the remember cookie is neccesary.