Welcome Guest, Not a member yet? Register   Sign In
"Don't Remember Me" Login
#1

[eluser]Prophet[/eluser]
By default, my application automatically "remembers" users because the session expiry is set to 2 weeks. I understand that some users may not want to be "remembered" if they log in from a computer that is used by other people. Of course a Logout function is provided, but not everybody uses it.

Is there a way to set the session expiry time per user in CI? I would have a "Don't Remember Me" checkbox on the login page, and if this was checked the session would only last until the browser is closed. Also, would I need to set sess_match_useragent to FALSE to achieve this?

Thanks in advance,
Joseph
#2

[eluser]WanWizard[/eluser]
You can store the value of this "Dont remember me" checkbox in the session.

Then you have to extend the session class, so you can add a new session method that calls the _set_cookie() method to update the session cookie, with your new expiration time. Call this method after login and after re-establishing the login state.
#3

[eluser]Eric Brown[/eluser]
Why not just have a "remember me" box checked by default and allow the user to uncheck at login? This is what 99% of sites / app do. Don't make the user think about how to perform some action.
#4

[eluser]WanWizard[/eluser]
I agree that a 'remember me' box is absolutely more user friendly, it's what people are used to.

You still have to store the value somewhere (because you have to use it to modify the defined sess_expiration value). And you still have to extend the session class though, to get support for 'session expiration at browser exit', which CI doesn't do out of the box.
#5

[eluser]Prophet[/eluser]
I was playing around extending the session class today and I can't for the life of me work out how to specify the sess_expiration value per session. I am able to change the value using $this->session->sess_expiration = .. value (confirmed by logging sess_expiration value in _set_cookie()) but the sessions still last for the time specified in the config file.

I did a bit of searching and found some useful threads so I'll look into it more tomorrow. Thanks for the advice guys.
#6

[eluser]WanWizard[/eluser]
We do it like this:
Code:
class MY_Session extends CI_Session
{
    /**
     * Constructor
     *
     * @return void
     * @access public
     */
    function MY_Session()
    {
        // call the parent constructor
        parent::CI_Session();

        // fetch the session expiration from the config again, to work around the
        // assumption of CI_SESSION that a zero value means '2 years',
        // instead of the normal definition 'end of session'!
        $this->sess_expiration = $this->CI->config->item('login_expire', 'exitecms');
    }

    // --------------------------------------------------------------------

    /**
     * Write the session cookie
     *
     * Our version supports cookie expiration at end-of-session
     *
     * @access    public
     * @return    void
     */
    function _set_cookie($cookie_data = NULL)
    {
        if (is_null($cookie_data))
        {
            $cookie_data = $this->userdata;
        }

        // Serialize the userdata for the cookie
        $cookie_data = $this->_serialize($cookie_data);

        if ($this->sess_encrypt_cookie == TRUE)
        {
            $cookie_data = $this->CI->encrypt->encode($cookie_data);
        }
        else
        {
            // if encryption is not used, we provide an md5 hash to prevent userside tampering
            $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
        }

        // Set the cookie
        setcookie(
                    $this->sess_cookie_name,
                    $cookie_data,
                    ( $this->sess_expiration ? $this->sess_expiration + time() : 0),
                    $this->cookie_path,
                    $this->cookie_domain,
                    0
                );
    }
}
#7

[eluser]Prophet[/eluser]
Bit of a late reply here...

WanWizard, to implement your solution can I just replace 'session' with 'MY_Session' in the $autoload['libraries'] array?




Theme © iAndrew 2016 - Forum software by © MyBB