Warning: You are browsing the documentation for Symfony 2.4, which is no longer maintained.

Read the updated version of this page for Symfony 5.3 (the current stable version).

Recipes about Security

The Symfony Cookbook is a continuously growing collection of specific recipes that explain how to correctly solve the most recurrent problems that Symfony developers face in their day to day work.

2.4 version

Maintained

4.4 5.3 current 5.4 dev 6.0

Unmaintained

2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 3.0 3.1 3.2 3.3 3.4 4.0 4.1 4.2 4.3 5.0 5.1 5.2

Security¶

How to Load Security Users from the Database (the Entity Provider)
How to Add “Remember Me” Login Functionality
- Forcing the User to Re-authenticate before Accessing certain Resources
How to Impersonate a User
How to Implement your own Voter to Blacklist IP Addresses
How to Use Voters to Check User Permissions
How to Use Access Control Lists (ACLs)
How to Use advanced ACL Concepts
How to Force HTTPS or HTTP for different URLs
How to Restrict Firewalls to a Specific Request
- Restricting by Pattern
- Restricting by Host
How to Restrict Firewalls to a Specific Host
How to Customize your Form Login
- Form Login Configuration Reference
- Redirecting after Success
How to Secure any Service or Method in your Application
- Securing Methods Using Annotations
How to Create a custom User Provider
How to Create a Custom Form Password Authenticator
How to Authenticate Users with API Keys
How to Create a custom Authentication Provider
Using pre Authenticated Security Firewalls
- X.509 Client Certificate Authentication
How to Change the default Target Path Behavior
Using CSRF Protection in the Login Form
- Configuring CSRF Protection
- Rendering the CSRF field

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.