March 17, 2020 Javier Eguiluz

Checking the status of users in Symfony applications (anonymous, logged in, etc.) requires using security attributes such as IS_AUTHENTICATED_ANONYMOUSLY . These attributes are sometimes confusing because they don't define a state but a condition. For example, IS_AUTHENTICATED_REMEMBERED is true for "Remember Me" users but also for fully authenticated users.

That's why in Symfony 5.1 we've introduced new attributes that only check the user status. For example, to check inside a controller if the user is a "Remember Me" user:

1 2 3 4 5 6 7 8 9 10 // BEFORE if ( $this -> isGranted ( 'IS_AUTHENTICATED_REMEMBERED' ) && ! $this -> isGranted ( 'IS_AUTHENTICATED_FULLY' )) { // ... } // AFTER if ( $this -> isGranted ( 'IS_REMEMBERED' )) { // ... }

Another example, which checks anonymous users inside Twig templates:

1 2 3 4 5 6 7 8 9 10 11 {# BEFORE #} {% if is_granted ( 'IS_AUTHENTICATED_ANONYMOUSLY' ) and not is_granted ( 'IS_AUTHENTICATED_REMEMBERED' ) and not is_granted ( 'IS_AUTHENTICATED_FULLY' ) %} {# ... #} {% endif %} {# AFTER #} {% if is_granted ( 'IS_ANONYMOUS' ) %} {# ... #} {% endif %}