Hi, did you enable the "Remember me" option in your filters.yml file ? Everything you need to know is explained on the readme page of sfGuardPlugin : http://www.symfony-project.org/plugins/sfGuardPlugin.
Le Mon, 22 Jun 2009 13:36:56 +0200, Nickolas Daskalou <n...@daskalou.com> a écrit: > What happens when you make every page "secure" (in view.yml)? Does it > work > as expected then? > > > 2009/6/22 Sid Bachtiar <sid.bacht...@gmail.com> > >> >> But did you check the settings?? Most browser would kill the session, >> because it is a privacy issue. >> >> On Mon, Jun 22, 2009 at 11:09 PM, dziobacz<aaabbbcccda...@gmail.com> >> wrote: >> > >> > Remember me doesn't work in Firefox, IE8, Opera and Chrome. >> > >> > On 22 Cze, 12:50, Sid Bachtiar <sid.bacht...@gmail.com> wrote: >> >> If you are using Firefox then check the Firefox settings. Make sure >> >> session is not made expired on closing the browser. >> >> >> >> >> >> >> >> On Mon, Jun 22, 2009 at 10:45 PM, dziobacz<aaabbbcccda...@gmail.com> >> wrote: >> >> >> >> > But checked 'remember me' checkbox doesn't work. >> >> >> >> > On 22 Cze, 12:30, Sid Bachtiar <sid.bacht...@gmail.com> wrote: >> >> >> But I think there is a 'remember me' checkbox option that warns >> them >> about it. >> >> >> >> >> It is a dangerous arrangement, so you need to be very careful >> here. >> >> >> >> >> On Mon, Jun 22, 2009 at 10:25 PM, >> dziobacz<aaabbbcccda...@gmail.com> >> wrote: >> >> >> >> >> > But in 99% forums user is still loged on after closed and opened >> >> >> > browser. For example here:http://www.dbforums.com/Sothis >> solution >> >> >> > is normal and very popular. >> >> >> >> >> > I think I have found a solution: >> >> >> >> >> > user: >> >> >> > class: myUser >> >> >> > param: >> >> >> > timeout: 2592000 >> >> >> >> >> > storage: >> >> >> > class: sfSessionStorage >> >> >> > param: >> >> >> > session_cookie_lifetime: 2592000 >> >> >> >> >> > timeout and session_cookie_lifetime must be exacly the same >> because >> >> >> > Symfony takes minimum from timeout and session_cookie_lifetime. >> >> >> >> >> > On 22 Cze, 12:09, Gareth McCumskey <gmccums...@gmail.com> wrote: >> >> >> >> Here's an example scenario. Your user goes to an Internet >> cafe. He >> logs into >> >> >> >> your web application and does what he wants to do then closes >> the >> browser >> >> >> >> (without logging out first) then walks out the door. If the >> session was not >> >> >> >> killed on browser exit then the next person that comes along >> and >> opens the >> >> >> >> browser and views the history or if the browser was setup to >> keep >> tabs open, >> >> >> >> they can then access your users account. >> >> >> >> >> >> Work with the assumption that the browser exit will always kill >> the session. >> >> >> >> It is by far a better security arrangement. >> >> >> >> >> >> On Mon, Jun 22, 2009 at 11:45 AM, Sid Bachtiar < >> sid.bacht...@gmail.com>wrote: >> >> >> >> >> >> > Hi, >> >> >> >> >> >> > That's just how browser usually setup, to kill session when >> it >> is closed. >> >> >> >> >> >> > The timeout is for if user has the browser window opened, but >> inactive >> >> >> >> > (e.g.: not making any request to server) for x amount of >> time. >> >> >> >> >> >> > You need to think about the security aspect when setting the >> timeout. >> >> >> >> > The longer the timeout, the more chance of your user forgot >> to >> logout >> >> >> >> > and someone else using their account. >> >> >> >> >> >> > On Mon, Jun 22, 2009 at 8:59 PM, dziobacz< >> aaabbbcccda...@gmail.com> wrote: >> >> >> >> >> >> > > User should be log in 30 days = 2592000 seconds. In >> factories.yml I >> >> >> >> > > have: >> >> >> >> > > all: >> >> >> >> > > user: >> >> >> >> > > class: myUser >> >> >> >> > > param: >> >> >> >> > > timeout: 2592000 >> >> >> >> >> >> > > But after closed browser user is log out and he must log in >> again, >> >> >> >> > > why ? What should I do ? >> >> >> >> >> >> > -- >> >> >> >> > Blue Horn Ltd - System Development >> >> >> >> >http://bluehorn.co.nz >> >> >> >> >> >> -- >> >> >> >> Gareth McCumskeyhttp://garethmccumskey.blogspot.com >> >> >> >> twitter: @garethmcc >> >> >> >> >> -- >> >> >> Blue Horn Ltd - System Developmenthttp://bluehorn.co.nz >> >> >> >> -- >> >> Blue Horn Ltd - System Developmenthttp://bluehorn.co.nz >> > > >> > >> >> >> >> -- >> Blue Horn Ltd - System Development >> http://bluehorn.co.nz >> >> > >> > > > -- Utilisant le client e-mail révolutionnaire d'Opera : http://www.opera.com/mail/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
