How to login a user programatically in Symfony2

Sometime, you may need to log in an user manually from code, instead of generic form based log in. To do it, you need to use Two Security component “UsernamePasswordToken” and “InteractiveLoginEvent”. We will also use another exception object “UsernameNotFoundException” if the user is not found.

[sourcecode language=”php”]
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;

Now from your controller, you can login an user like this

[sourcecode language=”php”]
$em = $this->getDoctrine();
$repo = $em->getRepository("UserBundle:User"); //Entity Repository
$user = $repo->loadUserByUsername($username);
if (!$user) {
throw new UsernameNotFoundException("User not found");
} else {
$token = new UsernamePasswordToken($user, null, "your_firewall_name", $user->getRoles());
$this->get("security.context")->setToken($token); //now the user is logged in

//now dispatch the login event
$request = $this->get("request");
$event = new InteractiveLoginEvent($request, $token);
$this->get("event_dispatcher")->dispatch("security.interactive_login", $event);

Dispatching the “security.interactive_login” is important, because then every listeners which are bound to this event will work appropriately. But the actual login happens when you call setToken(…). Also make sure that you pass the correct firewall name which you had defined in your security.yml.

You can also recall the logged in user any time using the following code

[sourcecode language=”php”]
$user = $this->get(‘security.context’)->getToken()->getUser();

//or from a controller
$user = $this->getUser();

That’s it. Hope you will find it handy 🙂


  1. Good post,this is a pretty complex topic and many people need to do this kind of stuff. By the way, to login a user using something different than a login form, you should implement an authentication provider. The logic involved is quite the same you wrote, but you should put it in a SecurityListener rather than in a controller. There is a good cookbook for this and I wrote a post about this topic

  2. Hi Hasin, very good post! I am trying do a form login, but i had followed the Security page article Symfony and it work not my project.
    Any help thank!

  3. I have a problem! when the user login, This line does not run
    if ($this->get(‘security.context’)->isGranted(‘ROLE_ADMIN’)) {
    return $this->redirect($this->generateUrl(‘cituao_coord_homepage’));

    why? any help! Thanks

  4. I think it’d be better to use SymfonyComponentSecurityHttpSecurityEvents::INTERACTIVE_LOGIN constant instead of the hardcoded event name.

    Good post!

  5. Developing an App where only OAuth is supported. So was a hassle to work without internet. Then this post helped me to simulate user authentication manually.

    Thanks Hasin vai 🙂

  6. Do you know of a way to login users against an LDAP server. Every LDAP bundles seems to required a local database. I dont need a persistent local database in Symfony2. I want to authenticate and fill a user class from an LDAP server.

    This is the point of LDAP after all. Any clues of how to do that, I would be grateful

Leave a comment

Your email address will not be published. Required fields are marked *