#57 Persistent login

[Andrew Brown]

A user should be able to login and select a check box to have the login remembered permanently.

I tried the certificate plugin but could not get it wo work (it said it generated certificate though) Not sure how to get the certificate to the user etc.

So, I have implemented persistent login on our server, by hacking v3.3 (svn 590). It is a simple channge requiring mods to:

* lib\init.php
* lib\frontEnd\PageLoginScreen.class.php

Files attached.

[Andrew Brown]

Logged In: YES
user_id=159695
Originator: YES

File Added: PageLoginScreen.class.php

[katzlbt]

Logged In: YES
user_id=1527196
Originator: NO

WARNING: NOT SECURE IF USERS CAN CONNECT FROM PUBLIC COMPUTERS, recommended only on secure Intranets.

Here is is another idea, instead of setting the cookie time to a huge value one could extend it after each use by some days. This should be more secure.

The following additions could be made in the config.php file:

ALLOW login to persist for 2 days absolute:

session_set_cookie_params(2*86400);

ALLOW login to persist for 2 days after last login ... Monday is loginday :-)

$tmpsid = 'TheAddressBookSID-'.$CONFIG_DB_NAME;
if(isset($_COOKIE[$tmpsid])) setcookie($tmpsid, $_COOKIE[$tmpsid], time()+2*86400, '/');

[katzlbt]

Logged In: YES
user_id=1527196
Originator: NO

I plan some changes on the authorize.php script that make your changes hard to implement.
I had problems transmitting the session id across the header("Location: ") request in authorize.
Which sometimes lead to instant logout behavior for every link used (browser bug?).

The change leads to the creation of the session cookie BEFORE login which makes Location: work.
So a checkbox on the login panel would come already after the session cookie was created.

A RememberMe (for 5 days) plugin for the main list should be the easiest.
I will attach the code.

File Added: RememberMe.plugin.php

[katzlbt]