Remember Me Setting |
[eluser]Zack Kitzmiller[/eluser]
I did a quick search for this, but didn't see anything. Does anyone have a best practice for offering a user a 'Remember Me' option, where their session lasts two weeks or so, using CI Sessions? I could do this easy enough using cookies, but was wondering to see if anyone had a quick way to handle this.
[eluser]richthegeek[/eluser]
the option simply modifies the cookie expiry time..
[eluser]Zack Kitzmiller[/eluser]
Obviously, but I was asking if this is possible using CI sessions. As Far I can tell, there is now way to modify the config per usage of the library.
[eluser]devbro[/eluser]
I found that extending session is not a very wise idea thanks to the fact that cookies can be copied out. Here is how I got it done: 1. create a special cookies: remeber_me_username, remember_me_hash 2. create a database table that connects the cookies to proper account info. 3. on each page access do the following: 3.1 If user is logged in then ignore 3.2 if user is not logged in and cookies exists then validate cookie/database and call login procedure
[eluser]skunkbad[/eluser]
I just use standard PHP $_SESSION to achieve the persistent login. I create a hook that starts the session, and checks for either $_POST['persistent'] or $_SESSION['persistent']. Based on this, the session duration can be set to whatever you want... $_SESSION is good! If it ain't broke, why fix it?
[eluser]heavenquake[/eluser]
The best practice to achieve this functionality is simply remembering the user always, by having a high cookie expiration date. If you want optimum security, you can use the database session schema mentioned in the userguide. http://ellislab.com/codeigniter/user-gui...sions.html Remember: CI sessions are just encrypted cookies. |
Welcome Guest, Not a member yet? Register Sign In |