Since the new Security Component does not support the "Remember Me" authentication yet, I'd like to take the opportunity to contribute something back to Symfony2 to make it even better.
I have already inspected the existing code, and there are already a couple of points where I need some input from you (I guess especially from Fabien ;)) since it requires changing existing code:

- Since the "Remember me" feature is based on cookie authentication, a response is required to set/change them. This response object is not available when the core.security event is dispatched, so there is no way to set cookies at this point. But we need to carry over the state until the core.response event is dispatched. The options I see for doing this are either saving the state in the listener directly, or extending the SecurityContext.

- The logout listener needs to be reworked to have an additional level of indirection. The listener itself should not contain any logout-specific logic as it does now, but only contain logout handlers which are called when a logout is requested. The logic which is in the logout listener right now would be moved to a SecurityContextLogoutHandler. This also allows for much easier customization.

- The form listener needs to be made aware of the RememberMeService implementation (if there is any), so that upon a successful authentication a respective cookie can be set. If we want to support remember with other authentication listeners, these need to be aware of a RememberMeService as well, but Spring doesn't support it and I don't think we need to.

So, I think that's all for now :)

Kind regards,
Johannes

--
If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com

You received this message because you are subscribed to the Google Groups "symfony developers" group.
For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
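The first option from the message above (keeping the pending cookie in the listener until the response event), together with a logout listener that only calls handlers, as an added PHP 8 sketch that is not part of the original message or of Symfony's code. Every class and method name, the REMEMBERME cookie name and the 14-day lifetime are assumptions made for illustration.

```php
<?php
// Added sketch (PHP 8); every class and method name here is hypothetical, not Symfony's API.
final class Response { public array $setCookie = []; } // raw Set-Cookie header values

interface LogoutHandler
{
    public function logout(array &$session, Response $response): void;
}
final class SessionLogoutHandler implements LogoutHandler
{
    public function logout(array &$session, Response $response): void { $session = []; }
}
final class RememberMeListener implements LogoutHandler
{
    private ?string $pending = null; // carried from the security event to the response event
    public function onSecurity(string $token): void // no response object exists yet
    {
        $this->pending = 'REMEMBERME=' . rawurlencode($token)
            . '; Max-Age=1209600; Path=/; Secure; HttpOnly; SameSite=Lax';
    }
    public function onResponse(Response $response): void // flush what was recorded earlier
    {
        if ($this->pending !== null) { $response->setCookie[] = $this->pending; }
        $this->pending = null;
    }
    public function logout(array &$session, Response $response): void
    {
        $this->pending = null; // never re-issue a cookie during a logout request
        $response->setCookie[] = 'REMEMBERME=deleted; Max-Age=0; Path=/; Secure; HttpOnly';
    }
}
final class LogoutListener
{
    public function __construct(private array $handlers) {} // LogoutHandler[]
    public function onLogout(array &$session, Response $response): void
    {
        foreach ($this->handlers as $handler) { $handler->logout($session, $response); }
    }
}

// Constructed demo: one login request, then one logout request.
$session = ['user' => 'alice'];
$rememberMe = new RememberMeListener();
$rememberMe->onSecurity(bin2hex(random_bytes(32)));
$login = new Response();
$rememberMe->onResponse($login);
$logout = new Response();
(new LogoutListener([new SessionLogoutHandler(), $rememberMe]))->onLogout($session, $logout);
var_dump($login->setCookie, $logout->setCookie, $session);
```

Registering the remember-me service as one of the logout handlers means the persistent cookie is expired in the same response that clears the session, so a logged-out browser cannot silently re-authenticate.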
