New in Symfony 6.3: Login and Logout Improvements

Custom Redirection with Programmatic Login

Contributed by
Nicolas Sauveur

in #48582.

In Symfony 6.2 we introduced a login() method to ease the programmatic
login of users. However, this method returned void, so you couldn’t customize
the response after the user login.

The underlying UserAuthenticator::authenticateUser() called by login()
returns a Response object which can be used to redirect the user. That’s why
in Symfony 6.3, the login() method now returns that Response object too:

use SymfonyBundleFrameworkBundleControllerAbstractController;
use SymfonyBundleSecurityBundleSecurity;
use SymfonyComponentHttpFoundationResponse;

class RegistrationController extends AbstractController
public function verifyUserEmail(Security $security): Response
// …

$redirectResponse = $security->login($user);

return $redirectResponse;

Remember Me Option for JSON Logins

Contributed by
Markus Baumer

in #48899.

JSON login is one of the built-in authentication mechanisms provided by Symfony.
It’s popular e.g. when building APIs to generate security tokens based on a given
username (or email) and password.

Remember me is a built-in Symfony security feature that allows to store some
user credentials in a signed cookie so they don’t have to provide them again the
next time they browse your application.

In Symfony 6.3 we’re merging both features to provide Remember Me support for
JSON logins. To do so, add a _remember_me key (this name is configurable)
to the body of your POST request:

„username“: [email protected],
„password“: „MyPassword“,
„_remember_me“: true

Clear Site Data After Logout

Contributed by
Maximilian Beckers

in #49306.

The Clear-Site-Data HTTP header clears browsing data (cookies, storage, cache)
associated with the requesting website. It allows web developers to have more
control over the data stored by a client browser for their origins.

In Symfony 6.3, we’re adding support for this HTTP header via the logout
configuration of your firewalls:

# …
# …
path: app_logout
# the available options are ‚cache‘, ‚cookies‘, ’storage‘, ‚executionContexts‘
# you can also use the ‚*‘ wildcard to clear all data

Sponsor the Symfony project.

Symfony Blog

Read More

Latest News


PHP 8.2.16 released!

PHP 8.3.3 released!

PHP 8.1.27 released!

Generated by Feedzy