diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index a5909ce..4fb4d30 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -25,6 +25,16 @@ security:
path: app_logout
# where to redirect after logout
# target: app_any_route
+ remember_me:
+ secret: '%kernel.secret%'
+ lifetime: 604800 # 1 week in seconds
+ path: /
+ secure: true
+ samesite: strict
+ # by default, the feature is enabled by checking a
+ # checkbox in the login form (see below), uncomment the
+ # following line to always enable it.
+ #always_remember_me: true
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
diff --git a/src/Controller/Admin/DashboardController.php b/src/Controller/Admin/DashboardController.php
index df0148e..9e5ad4c 100644
--- a/src/Controller/Admin/DashboardController.php
+++ b/src/Controller/Admin/DashboardController.php
@@ -18,6 +18,10 @@ class DashboardController extends AbstractDashboardController
*/
public function index(): Response
{
+ // require the user to log in during *this* session
+ // if they were only logged in via a remember me cookie, they
+ // will be redirected to the login page
+ $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
return parent::index();
}
diff --git a/templates/security/login.html.twig b/templates/security/login.html.twig
index 6c66575..a4b4e03 100644
--- a/templates/security/login.html.twig
+++ b/templates/security/login.html.twig
@@ -33,6 +33,10 @@