Login

Basic App · 02-28-2019, 02:42 AM

(02-26-2019, 08:21 AM)kilishan Wrote: If you're going the route of rolling your own, be sure to check out best practices that others have already done. This article from the Paragon Initiative is an excellent guide.

The practices written in the article are well applicable to the case when the remember_me option allows the authorization of the user to live longer than the framework session. At the moment I do not set such a goal, my task is the reverse, so that in the absence of the remember_me flag, authorization is lost after the user has closed the browser.
See what I found in the code of the library you offer in the myth-auth/src/Authentication/LocalAuthenticator file.php in the check function

PHP Code:
if ($this->isLoggedIn())
{
    return true;
}
// Check the remember me functionality.
helper('cookie');
$remember = get_cookie('remember');
.... 

In this code we can see that if the framework session has authorization, then the user is authorized. A session framework at basic settings is not destroyed when you close the browser. Therefore, this solution does not suit me, because it does not implement my main task.

I realized what I wrote about above in the Baisic App, who are interested, you can see here:

https://github.com/basic-app/module-admi...hTrait.php

In fact, I made a cookie "don't remember me", which is required only if the user does not put the flag when authorizing remeber me, and if the flag remember me is, the authorization occurs as usual.

PS: I draw attention to the fact that modern browsers with basic settings may not support session cookies, and this will not work. For example, in Google Chrome, these are the options "Continue where you left off" and "Continue running background apps when Google Chrome is closed".

Basic App, an open source simple CMS based on CodeIgniter 4