change sess_expiration dynamically |
Hello,
I want change $config['sess_expiration'] = xxxx; from controller, with auto-loaded session library the function $this->config->set_item() will not work because the session library will be actually loaded -- Briefly I want to add (remember me checkbox) when the user choose remmber me, the sess_expiration = 60*60*24*14 //two weeks else sess_expiration = 0 // Until close the browser
06-27-2016, 03:44 AM
(This post was last modified: 06-27-2016, 03:53 AM by InsiteFX. Edit Reason: add I will create when I have the time. )
You use a cookie which you store on the users system, when a user goes to your website you first check to see if they have an auto login cookie if so then you automatically log them in.
Remember Me - Create a cookie encrypted and store on the users system, do not store passwords! When someone comes to your website check to see if they have that cookie. I will create and post the methods to do this later this week when I have the time. What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
(06-27-2016, 02:14 AM)Bassam Wrote: Hello, For security reasons this thing not working. The persistent login (aka "Remember me" feature) must be implemented separately. How? 1. Create a table (in database) named "persistent_logins" with fields: token (varchar/unique), user_agent (text), ip_address (varchar), user_id (int) 2. When "Remember me" checkbox is checked, create a unique token, save in a cookie (named "persistent_login"), and also save it in db, with user agent (the browser signature) and the IP address. 3. When "Remember me" checkbox is not checked, check the existence of "persistent_login" cookie. If does not exists, do nothing, else, remove from db the record with token equal with "persistent_login" cookie value. 4. On the page controller check the existence of "persistent_login" cookie first. If does not exists, do nothing, else, check if user_agent and IP address is the same as data saved on db. If not, remove from db the record with token equal with "persistent_login" cookie value, else, get the user_id value and call the instance that log in the user. 5. After successfully login (not required, but is a precaution): remove all records that have the logged in user_id and recreate a new record (also update the cookie). 6. At logout, remove the persistent cookie and db record. |
Welcome Guest, Not a member yet? Register Sign In |