发表新帖
发表新帖

Codeigniter - Session expiration and “remember me” feature

前端 未结
关注
3 1077
囚心锁ツ
囚心锁ツ 2020-12-29 12:36

I\'m building a \"Remember Me\" feature in Codeigniter, normally I see libraries/projects setting a cookie on the user with a token, this token gets saved in the database an

相关标签:
3条回答
  • 余生分开走
    2020-12-29 13:11

    The simpliest solution that I have found for this problem is to just modify the cookie created by Codeigniter by this way:

            $this->session->set_userdata('user', $user); // a cookie has been created
        if($this->input->post('remember_me'))
        {
            $this->load->helper('cookie');
            $cookie = $this->input->cookie('ci_session'); // we get the cookie
            $this->input->set_cookie('ci_session', $cookie, '35580000'); // and add one year to it's expiration
        }
    0 讨论(0)
  • 悲&欢浪女
    2020-12-29 13:11

    I can't say it's not right, but I can tell you my way of doing this:

    First I set the session to expires on browser close with a default uptime of 7200.

    Then:

    1. The login sets session userdata

    2. The "remember me" sets a separated cookie (I store an encrypted hash containing user's email+password+id ie: md5(pass+email+id))

    Every time the user loads a page I control if the remember me cookie exist, if exist I create the user session.

    The only thing I know is that session, uses an encryption key, a malicious attacker will take time to decrypt, so the less a session key exist the less time attacker has for decrypt the current key.

    I always avoid session to not expire, so the Remember me, is always something not good for security I think, but anyway is the user to choose or not if to use that feature ;)

    0 讨论(0)
  • 野的像风
    2020-12-29 13:22

    Also this can be done by editing/extending system Session library.

    First: Set regular session expire time in config file. Second: In user login function add remember me check-

        if($remember)
    {
        $data['new_expiration'] = 60*60*24*30;//30 days
        $this->session->sess_expiration = $data['new_expiration'];
    }
    $this->session->set_userdata($data);

    Third: Edit system Session library [I am not sure whether extending Session will work or not] Go to this line in sess_read() method

    if (($session['last_activity'] + $this->sess_expiration) < $this->now)

    Before that line add following code

    if(isset($session['new_expiration'])){
   $this->sess_expiration = $session['new_expiration'];
}

    This works fine for me.

    0 讨论(0)
 看不清?
提交回复
热议问题