In CodeIgniter I am building an authentication system for my web site, and to achieve that I use the session library:
session->set_userdata('username')
This will save the session, I believe, for some time.
I want to provide a "remember me" checkbox in the login form so the user can save the session forever. I could not find a way to save the session forever!?
Note: $sess_expiration will not work because it sets the expiration date for all users, and what I want to do is set the expiration date based on the user's preferences.
Is that possible? And how do I do it?
Thanks
A more secure way to implement the remember me feature is to store a random token instead of a user id in both cookies and database server. When users access the web application, you match the cookies' tokens with those stored in the database. Also, you can check the token's expiration time.
Create a login form that has two input elements for entering username and password, a submit button, and a checkbox for Remember me. encryptCookie() – This function takes a single parameter. Generate random key and assign to $key.
If the remember me checkbox is checked you set a cookie on the user's system with a random string. E.g.:
    $cookie = array(
        'name'   => 'remember_me_token',
        'value'  => 'Random string',
        'expire' => '1209600', // Two weeks
        'domain' => '.your_domain.com',
        'path'   => '/'
    );
    set_cookie($cookie);

You also save this random string in the users table, e.g. in the column remember_me_token.
Now, when a user (who is not yet logged in) tries to access a page that requires authentication:
remember_me token on his system
If one of the requirements above is not met, you redirect them to the login page.
For security reasons you may want to renew the random remember_me_token every time the user logs in. You can also update the expiry date of the cookie every time the user logs in. This way he will stay logged in.
It would be too much work to write all the code for you, but I hope this helps you to implement this functionality yourself. Please comment if you have any questions. Good luck.
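The token scheme described in the answer above, as an added example that is not part of the original answer and not CodeIgniter's API. It assumes PHP 7.1+, uses an array ($store) as a stand-in for the users table with hypothetical column names, and goes one step further than the answer by storing only a hash of the token and comparing it in constant time.

```php
<?php
// Added example: plain PHP, not CodeIgniter code. $store stands in for the
// users table; the column names and the user id 42 are constructed.
const REMEMBER_TTL = 1209600; // two weeks, as in the answer above

// Called at login when "remember me" is ticked. Returns the raw cookie value;
// only a SHA-256 hash of the secret half is kept server-side.
function issue_token(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(8));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, never stored raw
    $store[$selector] = [
        'user_id'    => $userId,
        'token_hash' => hash('sha256', $validator),
        'expires'    => $now + REMEMBER_TTL, // expiry enforced server-side too
    ];
    return $selector . ':' . $validator;
}

// Called when a visitor without a session presents the cookie.
// Returns [userId, replacementCookieValue], or null to send them to login.
function redeem_token(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    $valid = $row['expires'] >= $now
        && hash_equals($row['token_hash'], hash('sha256', $validator));
    if (!$valid) {
        return null;                         // expired or wrong secret
    }
    unset($store[$selector]);                // renew: the old token dies here
    return [$row['user_id'], issue_token($store, $row['user_id'], $now)];
}

// Walk-through with constructed data.
$store  = [];
$now    = time();
$cookie = issue_token($store, 42, $now);
var_dump(redeem_token($store, $cookie, $now + 60));   // first use of the token
var_dump(redeem_token($store, $cookie, $now + 120));  // replay of the same value
var_dump(redeem_token($store, 'bad:value', $now));    // tampered cookie
```

In a CodeIgniter controller the returned string would be the 'value' passed to set_cookie(), and a null result corresponds to the redirect to the login page.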
I needed the same thing. You cannot accomplish this using CI settings so I have chosen to override the setcookie method of the CI Session class (in MY_Session):
    function _set_cookie($cookie_data = NULL)
    {
        if (is_null($cookie_data))
        {
            $cookie_data = $this->userdata;
        }

        // Serialize the userdata for the cookie
        $cookie_data = $this->_serialize($cookie_data);

        if ($this->sess_encrypt_cookie == TRUE)
        {
            $cookie_data = $this->CI->encrypt->encode($cookie_data);
        }
        else
        {
            // if encryption is not used, we provide an md5 hash to prevent userside tampering
            $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
        }

        setcookie(
            $this->sess_cookie_name,
            $cookie_data,
            // Persistent cookie only when rememberme is set; 0 means a browser-session cookie
            $this->userdata('rememberme') == true ? $this->sess_expiration + time() : 0,
            $this->cookie_path,
            $this->cookie_domain,
            0
        );
    }
Of course you need to set the rememberme flag in your session based upon the choice the user made.