Welcome Guest, Not a member yet? Register   Sign In
how to implement remember me using session in CI?

(This post was last modified: 01-18-2018, 01:01 PM by PaulD.)

I use IonAuth so all that stuff is done for me by the generous author.

However, as far as I understand it, you set a cookie (quite separate from the session cookie) like in your example 1, but you set the cookie to never expire (2 weeks makes no sense) and for any page load, if the current session (whether it is set to expire in 1 hour, or more, or whatever, it makes no difference) is not a logged in user, you check for the existence of the remember_me cookie. If it is found the code in it is matched against a user, and if matched, you log in the user (setting whatever session variables you use for your login) (after checking the user is not banned or membership expired etc) and the users page load shows him/her already logged in and recognised. Even if they used a deep link to something inside the site, they should get logged in automatically. This means you need to use a pre-controller hook so that any controller called runs the check. Are they logged in? No. Have they got a remember_me cookie set? Yes. Does it match a current user? Yes. Log them in and continue.

Hope that helps. I am sure like all things there are lots of ways of doing this.


PS Just to add to the complication, if the remember me cookie for a particular ip address does not match a user, you need to log that, or delete the remember me cookie, or do a timeout before they can try again. Otherwise I could just keep trying remember me codes until I found one that worked. I am by no means a security person, hence I use well tested and tried libraries by people that have thought this all through with a better understanding of security issues surrounding authentication.

Messages In This Thread
RE: how to implement remember me using session in CI? - by PaulD - 01-18-2018, 12:58 PM

Theme © iAndrew 2016 - Forum software by © MyBB