Quick review of the remember me article

symfony · Jun 14, 2015 · 8158d56 · 8158d56
1 parent 31e613a
commit 8158d56
Showing 1 changed file with 34 additions and 23 deletions.
diff --git a/cookbook/security/remember_me.rst b/cookbook/security/remember_me.rst
@@ -25,15 +25,21 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
     .. code-block:: xml
 
         <!-- app/config/security.xml -->
-        <config>
-            <firewall>
-                <remember-me
-                    key      = "%secret%"
-                    lifetime = "604800" <!-- 1 week in seconds -->
-                    path     = "/"
-                />
-            </firewall>
-        </config>
+        <?xml version="1.0" encoding="utf-8" ?>
+        <srv:container xmlns="http://symfony.com/schema/dic/security"
+            xmlns:srv="http://symfony.com/schema/dic/services">
+
+            <config>
+                <firewall>
+                    <!-- lifetime: 604800 seconds = 1 week -->
+                    <remember-me
+                        key="%secret%"
+                        lifetime="604800"
+                        path="/"
+                    />
+                </firewall>
+            </config>
+        </srv:container>
 
     .. code-block:: php
 
@@ -52,7 +58,7 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
 
 The ``remember_me`` firewall defines the following configuration options:
 
-``key`` (default value: ``null``)
+``key`` (**required**)
     The value used to encrypt the cookie's content. It's common to use the
     ``secret`` value defined in the ``app/config/parameters.yml`` file.
 
@@ -167,15 +173,18 @@ The Security component provides an easy way to do this. In addition to roles
 explicitly assigned to them, users are automatically given one of the following
 roles depending on how they are authenticated:
 
-* ``IS_AUTHENTICATED_ANONYMOUSLY`` - automatically assigned to a user who is
-  in a firewall protected part of the site but who has not actually logged in.
-  This is only possible if anonymous access has been allowed.
+``IS_AUTHENTICATED_ANONYMOUSLY``
+  Automatically assigned to a user who is in a firewall protected part of the
+  site but who has not actually logged in. This is only possible if anonymous
+  access has been allowed.
 
-* ``IS_AUTHENTICATED_REMEMBERED`` - automatically assigned to a user who
-  was authenticated via a remember me cookie.
+``IS_AUTHENTICATED_REMEMBERED``
+  Automatically assigned to a user who was authenticated via a remember me
+  cookie.
 
-* ``IS_AUTHENTICATED_FULLY`` - automatically assigned to a user that has
-  provided their login details during the current session.
+``IS_AUTHENTICATED_FULLY``
+  Automatically assigned to a user that has provided their login details
+  during the current session.
 
 You can use these to control access beyond the explicitly assigned roles.
 
@@ -201,23 +210,25 @@ In the following example, the action is only allowed if the user has the
     // ...
     use Symfony\Component\Security\Core\Exception\AccessDeniedException
 
+    // ...
     public function editAction()
     {
-        if (false === $this->get('security.context')->isGranted(
-            'IS_AUTHENTICATED_FULLY'
-           )) {
+        $isFullyAuthenticated = $this->get('security.context')
+            ->isGranted('IS_AUTHENTICATED_FULLY');
+        
+        if (!$isFullyAuthenticated) {
             throw new AccessDeniedException();
         }
 
         // ...
     }
 
 You can also choose to install and use the optional JMSSecurityExtraBundle_,
-which can secure your controller using annotations:
-
-.. code-block:: php
+which can secure your controller using annotations::
 
+    // ...
     use JMS\SecurityExtraBundle\Annotation\Secure;
+    // ...
 
     /**
      * @Secure(roles="IS_AUTHENTICATED_FULLY")