#57 Persistent login

Under Discussion
open
nobody
7
2008-03-09
2008-01-21
Andrew Brown
No

A user should be able to login and select a check box to have the login remembered permanently.

I tried the certificate plugin but could not get it wo work (it said it generated certificate though) Not sure how to get the certificate to the user etc.

So, I have implemented persistent login on our server, by hacking v3.3 (svn 590). It is a simple channge requiring mods to:

* lib\init.php
* lib\frontEnd\PageLoginScreen.class.php

Files attached.

Discussion

  • Andrew Brown
    Andrew Brown
    2008-01-21

    Logged In: YES
    user_id=159695
    Originator: YES

    File Added: PageLoginScreen.class.php

     
  • katzlbt
    katzlbt
    2008-01-24

    Logged In: YES
    user_id=1527196
    Originator: NO

    WARNING: NOT SECURE IF USERS CAN CONNECT FROM PUBLIC COMPUTERS, recommended only on secure Intranets.

    Here is is another idea, instead of setting the cookie time to a huge value one could extend it after each use by some days. This should be more secure.

    The following additions could be made in the config.php file:

    ALLOW login to persist for 2 days absolute:

    session_set_cookie_params(2*86400);

    ALLOW login to persist for 2 days after last login ... Monday is loginday :-)

    $tmpsid = 'TheAddressBookSID-'.$CONFIG_DB_NAME;
    if(isset($_COOKIE[$tmpsid])) setcookie($tmpsid, $_COOKIE[$tmpsid], time()+2*86400, '/');

     
  • katzlbt
    katzlbt
    2008-01-24

    Logged In: YES
    user_id=1527196
    Originator: NO

    I plan some changes on the authorize.php script that make your changes hard to implement.
    I had problems transmitting the session id across the header("Location: ") request in authorize.
    Which sometimes lead to instant logout behavior for every link used (browser bug?).

    The change leads to the creation of the session cookie BEFORE login which makes Location: work.
    So a checkbox on the login panel would come already after the session cookie was created.

    A RememberMe (for 5 days) plugin for the main list should be the easiest.
    I will attach the code.

    File Added: RememberMe.plugin.php

     
  • katzlbt
    katzlbt
    2008-01-24

     
    Attachments
  • katzlbt
    katzlbt
    2008-03-09

    • milestone: --> Under Discussion
    • priority: 5 --> 7