Ion Auth - Lightweight Auth System based on Redux Auth 2

[eluser]Ben Edmunds[/eluser]
huuray,

It's open source so feel free dude!

[eluser]ladooboy[/eluser]
Hi !

About the Sessions and remember me function.

My remember_me function is currently not working.

Problem: Once I have ticked "Remember me" and login, then close the browser and re-open the webpage on the same browser my session(cookie)is automatically destroyed, but not the session data in the DB. How can I prevent the cookie from being destroyed once I close the browser ?

ps:
the logged_in() function wasn't secure enough. What I did is following:

ion_auth_model

Code:

$hash = $this->hash_string($result->id.$result->password.$identity);
                
                $this->session->set_userdata('hash',$hash);

ion_auth

Code:

public function logged_in()
    {
        $identity = $this->ci->config->item('identity', 'ion_auth');
        
        if($this->ci->session->userdata($identity) && $this->ci->session->userdata('hash'))
        {
            $email = $this->ci->session->userdata($identity);
            $sess_hash = $this->ci->session->userdata('hash');            
            $result = $this->ci->ion_auth_model->get_data('users','id,password',array($identity=>$email),NULL);
            
            if($result)
            {
                $db_hash = $this->ci->ion_auth_model->hash_string($result->id.$result->password.$email);
      

                if ($sess_hash == $db_hash) return TRUE;    //if hash from session variable matches this hash user is logged in
            }
            return FALSE;
        }
        return FALSE;
    }

Code:

public function hash_string($value)
    {
        return sha1($value);
    }

I just hash the user id,password and email address and put it encrypted into session_id. Everytime he logged_in() function is run it checks by getting the DATA from the DB if the hash is matches and redirects accordingly.

[eluser]Ben Edmunds[/eluser]
ladooboy,

Do you have "remember me" turned on in the config file?

If you are using database sessions I really don't see the point in your logged_in changes. Maybe you can explain the need but it looks like your adding complexity and additional DB queries for no reason...

[eluser]ladooboy[/eluser]
Yes, it's turned on:

Code:

$config['remember_users']      = TRUE;

[eluser]Ben Edmunds[/eluser]
ladooboy,

Not sure what to tell you exactly. Make sure you're not loading or autoloading the config just the libarry, it handles the loading itself.

Troubleshoot it some and I'll help where I can.

[eluser]ladooboy[/eluser]

Code:

if (!$this->logged_in() && get_cookie('identity') && get_cookie('remember_code'))
        {
            
            $this->ci->ion_auth_model->login_remembered_user();
        }

Found out that the $this->logged_in() function always returns TRUE when you're logged in(obviously). May I ask what the reason is here for checking if it's FALSE ?

[eluser]Ben Edmunds[/eluser]
ladooboy,

That check is there so it only logs in a remembered user if they are not already logged in. There is no need to login if the user is already logged in. Make sense?

[eluser]ladooboy[/eluser]
Hi Ben,

Yes, it makes sense. I've found the stupid problem. I had checked "Never remember History" in FF which caused the cookie removal. I've changed it back to remember history and it works now.

Such a stupid mistake which cost me some hours to troubleshoot.

Thanks.

[eluser]Ben Edmunds[/eluser]
ladooboy,

No worries, glad you got it working.

[eluser]hugle[/eluser]
Hello Ben and others

I came here with one suggestion, I think it would be correct, if we delete userdata of user, whom we just have deactivated. Otherwise it stays logged on..

Other than that, is working nicely

Thanks for nice library