WARNING: You are browsing the documentation for Symfony 2.6 which is not maintained anymore. Consider upgrading your projects to Symfony 4.3.

Recipes about Security

The Symfony Cookbook is a continuously growing collection of specific recipes that explain how to correctly solve the most recurrent problems that Symfony developers face in their day to day work.

Download as PDF

2.6 version

Unmaintained

2.0 2.1 2.2 2.3 2.4 2.5

Security¶

Authentication (Identifying/Logging in the User)¶

How to Build a Traditional Login Form
- Redirecting after Success
- Avoid Common Pitfalls
How to Load Security Users from the Database (the Entity Provider)
How to Add "Remember Me" Login Functionality
- Forcing the User to Opt-Out of the Remember Me Feature
- Forcing the User to Re-Authenticate before Accessing certain Resources
How to Impersonate a User
- Events
How to Customize your Form Login
- Form Login Configuration Reference
- Redirecting after Success
How to Create a custom User Provider
How to Create a Custom Form Password Authenticator
How to Authenticate Users with API Keys
How to Create a custom Authentication Provider
Using pre Authenticated Security Firewalls
- X.509 Client Certificate Authentication
- REMOTE_USER Based Authentication
How to Change the default Target Path Behavior
Using CSRF Protection in the Login Form
- Configuring CSRF Protection
- Rendering the CSRF field
How to Choose the Password Encoder Algorithm Dynamically
How to Use multiple User Providers
How to Restrict Firewalls to a Specific Request
How to Restrict Firewalls to a Specific Host

Authorization (Denying Access)¶

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.