Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help change sess_expiration dynamically
change sess_expiration dynamically
  • Offline Bassam
    Newbie
  • *
  • Posts: 9
    Threads: 3
    Joined: Apr 2015
    Reputation: 0
#1
06-27-2016, 02:14 AM

Hello,

I want change
$config['sess_expiration'] = xxxx;
from controller, with auto-loaded session library
the function $this->config->set_item() will not work because the session library will be actually loaded
--
Briefly
I want to add (remember me checkbox)
when the user choose remmber me, the
sess_expiration = 60*60*24*14 //two weeks
else
sess_expiration = 0 // Until close the browser
Reply
  • Offline InsiteFX
    Super Moderator
  • ******
  • Posts: 6,326
    Threads: 290
    Joined: Oct 2014
    Reputation: 235
#2
06-27-2016, 03:44 AM
(This post was last modified: 06-27-2016, 03:53 AM by InsiteFX. Edit Reason: add I will create when I have the time. )

You use a cookie which you store on the users system, when a user goes to your website you first check to see if they have an auto login cookie if so then you automatically log them in.

Remember Me - Create a cookie encrypted and store on the users system, do not store passwords!

When someone comes to your website check to see if they have that cookie.

I will create and post the methods to do this later this week when I have the time.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
  • Offline dalcris
    Newbie
  • *
  • Posts: 4
    Threads: 1
    Joined: Mar 2016
    Reputation: 1
#3
06-27-2016, 04:35 AM

(06-27-2016, 02:14 AM)Bassam Wrote: Hello,

I want change
$config['sess_expiration'] = xxxx;
from controller, with auto-loaded session library
the function $this->config->set_item() will not work because the session library will be actually loaded
--
Briefly
I want to add (remember me checkbox)
when the user choose remmber me, the
sess_expiration = 60*60*24*14 //two weeks
else
sess_expiration = 0 // Until close the browser

For security reasons this thing not working.

The persistent login (aka "Remember me" feature) must be implemented separately. How?
1. Create a table (in database) named "persistent_logins" with fields: token (varchar/unique), user_agent (text), ip_address (varchar), user_id (int)
2. When "Remember me" checkbox is checked, create a unique token, save in a cookie (named "persistent_login"), and also save it in db, with user agent (the browser signature) and the IP address.
3. When "Remember me" checkbox is not checked, check the existence of "persistent_login" cookie. If does not exists, do nothing, else, remove from db the record with token equal with "persistent_login" cookie value.
4. On the page controller check the existence of "persistent_login" cookie first. If does not exists, do nothing, else, check if user_agent and IP address is the same as data saved on db. If not, remove from db the record with token equal with "persistent_login" cookie value, else, get the user_id value and call the instance that log in the user.
5. After successfully login (not required, but is a precaution): remove all records that have the logged in user_id and recreate a new record (also update the cookie).
6. At logout, remove the persistent cookie and db record.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB