Fresh Powered - Auth Library

[eluser]Edmundas Kondrašovas[/eluser]
[quote author="tdktank59" date="1226112714"]you need to download the zip in the installation part of the doc[/quote]
Oh, thanks. It's odd that I missed it. Although I'd suggest to include the download link in the first post.

[eluser]Adam Griffiths[/eluser]
[quote author="adijux" date="1226112927"][quote author="tdktank59" date="1226112714"]you need to download the zip in the installation part of the doc[/quote]
Oh, thanks. It's odd that I missed it. Although I'd suggest to include the download link in the first post.[/quote]

The download link is now also shown underneath the links to the forum threads for each library.

[eluser]abmcr[/eluser]
A simple question: the login authorization as a cookie for "reminder on this computer" or only a session? Thank you

[eluser]Adam Griffiths[/eluser]
At the moment it is only a session. I plan to have a remember me feature in future releases, but until I can find a secure way of authenticating a cookie, it will only use sessions.

[eluser]abmcr[/eluser]
And at this moment, the time expiration of cookie may be 3 days for example? But, in all case, when i rebbot the browser the login is stopped? Thank you and excuse my poor english language

[eluser]Adam Griffiths[/eluser]
The auth library only uses sessions. So once the session has ended (the browser has been closed) you are no longer logged in. You are welcome to add a remember me cookie, but at this point in time I won't because I believe it to be a security flaw.

[eluser]tdktank59[/eluser]
encypt it with the encyption key..

And or

Store only enough info and a random string use the info to start the session and the string to authenticate it

Just an idea in all cases encyption is key

And another way could be to store the username and password in the cookie with the password encypted then encypt the whole cookie with the encryption key!

[eluser]Adam Griffiths[/eluser]
[quote author="tdktank59" date="1226273053"]encypt it with the encyption key..

And or

Store only enough info and a random string use the info to start the session and the string to authenticate it

Just an idea in all cases encyption is key

And another way could be to store the username and password in the cookie with the password encypted then encypt the whole cookie with the encryption key![/quote]

This is what I was initially thinking, encrypting some portion of the data. But then that won't help against cookie stealing. I will find a way.

[eluser]tdktank59[/eluser]
use the ip address as well...

Store the ip address, browser those sorts of things... (all are part of the CI session stuff anyways...) use those all as the digital finger print

[eluser]Adam Griffiths[/eluser]
Most IP address' are dynamic so change each time you connect to the internet. Using the user agent should be secure, I'm going to go try it now.