silexlabs / Silex

Silex live web creation, free/libre no-code website builder, next gen Webflow for the static web
http://www.silex.me
GNU Affero General Public License v3.0

Maybe bug in RememberMeService #329

Closed naskoff closed 9 years ago

naskoff commented 9 years ago

Hi there, I tried to perform some security on my test project, but I'm stuck on the remember-me configuration. I have this configuration for now: UserServiceProvider. Everything works fine, except remember me. Cookies are stored successfully, but when I restart the browser I see these lines in my debug.log:

```
[2015-09-21 18:42:25] production.DEBUG: Remember-me cookie detected. [] []
[2015-09-21 18:42:26] production.DEBUG: Remember-Me authentication failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\AuthenticationException(code: 0): The cookie's hash is invalid. at /var/www/frameworks/silex/vendor/symfony/security/Http/RememberMe/TokenBasedRememberMeServices.php:58)"} []
[2015-09-21 18:42:26] production.DEBUG: Clearing remember-me cookie. {"name":"REMEMBERME"} []
```

Actually, the tokens are totally different, but I don't know why. If someone has suggestions, I will be very happy :+1:

naskoff commented 9 years ago

Sorry, after some debugging of the Symfony components, I realized my mistake. In my Entity class, I had an eraseCredentials() function, which set the password property to null. After removing it, everything looks great.
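
The mismatch described in this thread, as an added example that is not part of the original issue and is not Symfony's code: a simplified model of a token-based remember-me hash that covers the stored password. The `User` class, the `wipeStoredHash` switch, the helper functions and all values are hypothetical, and the model assumes the cookie is written after credentials have been erased on the logged-in user.

```php
<?php
// Simplified model of a remember-me hash that covers the stored password.
// Constructed sample data: user name, password hash, secret and expiry.

final class User
{
    public ?string $plainPassword = 'typed-at-login'; // transient, never stored

    public function __construct(
        public string $username,
        public ?string $password,      // stored password hash
        private bool $wipeStoredHash,  // hypothetical switch for this demo
    ) {}

    public function eraseCredentials(): void
    {
        $this->plainPassword = null;   // safe: only transient data
        if ($this->wipeStoredHash) {
            $this->password = null;    // the mistake reported in the thread
        }
    }
}

function cookieHash(User $user, int $expires, string $secret): string
{
    // The hash binds class, user name, expiry and the stored password hash.
    return hash_hmac('sha256', User::class.$user->username.$expires.$user->password, $secret);
}

function rememberMeSurvivesRestart(bool $wipeStoredHash): bool
{
    $secret  = 'constructed-secret';
    $expires = 1443000000; // fixed timestamp so runs are reproducible
    // Stand-in for the user provider: always returns a fresh copy from storage.
    $load = fn () => new User('alice', '$2y$13$constructed.hash', $wipeStoredHash);

    $loggedIn = $load();
    $loggedIn->eraseCredentials();                 // runs before the cookie is written
    $cookie = cookieHash($loggedIn, $expires, $secret);

    // After a browser restart the user is reloaded with its stored hash intact.
    return hash_equals(cookieHash($load(), $expires, $secret), $cookie);
}

foreach ([true, false] as $wipe) {
    printf("eraseCredentials() nulls password: %-5s -> %s\n", var_export($wipe, true),
        rememberMeSurvivesRestart($wipe) ? 'cookie accepted' : "The cookie's hash is invalid.");
}
```

Because the password hash is part of the cookie hash, changing the password also invalidates existing remember-me cookies, so a rejected cookie after a password change is expected behaviour rather than a fault.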