This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use the new forum.
Home » plugins » User management plugins » Global is_secure is ON when sfGuard's sfGuardBasicSecurityFilter is used as custom filter
Global is_secure is ON when sfGuard's sfGuardBasicSecurityFilter is used as custom filter [message #60734] Thu, 11 September 2008 09:47 Go to next message
cestcri  is currently offline cestcri
Messages: 232
Registered: August 2007
Location: Paris
Faithful Member
Hi all,


I had/have troubles with sfGuard's login via the remember me cookie, it just didn't work (sfGuard 2.2.0 on symfony 1.1). I followed the useful advices on http://eatmymonkeydust.com/2008/07/symfony-sfguarduser-remem ber-me-checkboxcookie-does-not-work/ :

rendering: ~
web_debug: ~
security: ~

# generally, you will want to insert your own filters here
 
remember:
  class: sfGuardBasicSecurityFilter
 
cache:     ~
common:    ~
flash:     ~
execution: ~


But this leads now to a general is_secure: on for the whole application! The remember me cookie is now read and automated login works, but once unlogged the whole application is not accessible. I certainly set is_secure to off... but this doesn't affect anything.


Any ideas why?

Thanks for your help!

Have a nice day,
Christian
Re: Global is_secure is ON when sfGuard's sfGuardBasicSecurityFilter is used as custom filter [message #60850 is a reply to message #60734 ] Fri, 12 September 2008 09:45 Go to previous messageGo to next message
wissl  is currently offline wissl
Messages: 447
Registered: March 2008
Location: Germany
Faithful Member
If you followed the blog post, your yml would look more like this:

...
security:
  class: sfGuardBasicSecurityFilter
 
# generally, you will want to insert your own filters here
 
remember:
  class: rememberMeFilter

...


sfGuardBasicSecurityFilter is used as security filter, not as remember filter Wink

Internally, security filter will only be called when the requested action is secured. The logic, if an action is secured is not implemented in the filter, it only handles what happens then. The custom remember filter will be called EVERY time, so your application seems to be ALWAYS secured.
Re: Global is_secure is ON when sfGuard's sfGuardBasicSecurityFilter is used as custom filter [message #60851 is a reply to message #60850 ] Fri, 12 September 2008 09:49 Go to previous messageGo to next message
cestcri  is currently offline cestcri
Messages: 232
Registered: August 2007
Location: Paris
Faithful Member
Thanks wissl,

that makes sense. That also means that I have to define a custom rememberMeFilter, something I wanted to avoid. Imho this feature should come with the sfGuardPlugin, or am I mistaken?

Have a nice day!
Christian
Re: Global is_secure is ON when sfGuard's sfGuardBasicSecurityFilter is used as custom filter [message #60852 is a reply to message #60734 ] Fri, 12 September 2008 09:59 Go to previous messageGo to next message
wissl  is currently offline wissl
Messages: 447
Registered: March 2008
Location: Germany
Faithful Member
As far as I know the remember filter of the plugin is inside the security filter.

I think you will not need to write your own rermember filter, as you posted the source to one Wink
Re: Global is_secure is ON when sfGuard's sfGuardBasicSecurityFilter is used as custom filter [message #60853 is a reply to message #60852 ] Fri, 12 September 2008 10:01 Go to previous message
cestcri  is currently offline cestcri
Messages: 232
Registered: August 2007
Location: Paris
Faithful Member
That's exactly the case, but this dirty hack seems to be necessary since the retrieval of the remember me cookie does not work.

If there's a more elegant way, I'm happy to learn about it!

Regards,
Christian
Previous Topic:[SOLVED] How do I print the Username
Next Topic:sfGuard Usage
Goto Forum:
  

powered by FUDforum - copyright ©2001-2004 FUD Forum Bulletin Board Software