Forums / Developer / What's the status on the "remember me" feature?

What's the status on the "remember me" feature?

Author Message

Eirik Alfstad Johansen

Wednesday 24 March 2004 1:43:25 am

Hi ez,

After having browsed the forums I've noticed that several people have requested the "remmeber me" feature of the login (having it stored in a cookie) over the past months.

What's the status on this feature? Will it be implemented in v. 3.4? Has anyone implemented it/made an extension for it?

Thanks in advance !

Sincerely,

Eirik Johansen

Sincerely,

Eirik Alfstad Johansen
http://www.netmaking.no/

Gabriel Ambuehl

Sunday 11 December 2005 4:42:28 am

Same question but about version 3.6/3.7

Visit http://triligon.org

Paul Borgermans

Sunday 11 December 2005 6:47:46 am

Not standard, but as contribution by Kristof:

http://ez.no/community/contribs/hacks/cookie_user

Regards

--paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

Gabriel Ambuehl

Sunday 11 December 2005 11:30:14 am

Nice, I was just thinking about writing something very similar ;)

This should be integrated (and used on ez.no while we're at it ;)

Doesn't really seem to work for me: http://ez.no/community/contribs/hacks/cookie_user#msg89198

Visit http://triligon.org

Kristof Coomans

Tuesday 13 December 2005 6:39:21 am

I've made a mistake with the extension directory name. I've uploaded a new tarball with the fix. If I have time, I will try to test and release a new version with seperate cookies per site access (already in SVN, kernel patches not modified yet) and patches for newer eZ publish versions.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Gabriel Ambuehl

Tuesday 13 December 2005 7:41:31 am

I'll try it later today. Can you comment on what version it should work on?

Visit http://triligon.org

Kristof Coomans

Tuesday 13 December 2005 8:29:17 am

We use it on a portal made with eZ publish 3.6.4. But I think it works with 3.6.x. Haven't tested it yet with 3.7.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Paul Borgermans

Tuesday 13 December 2005 10:38:41 am

Yes, it works with 3.7 (the same portal Kristof mentions, but upgraded to 3.7 on a test server)

Other extensions are broken and may need a branch for 3.7/3.8

Regards

--paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

Gabriel Ambuehl

Wednesday 14 December 2005 2:52:27 am

I can report success with the tarball and 3.6.4! Thanks a lot!

Visit http://triligon.org

Gabriel Ambuehl

Wednesday 14 December 2005 4:14:03 am

Looking at it, it might make sense to encrypt the contents of the cookies?

Visit http://triligon.org

Gabriel Ambuehl

Thursday 15 December 2005 1:34:47 am

There seems to be another bug: when clicking on logout, the cookies don't seem to get deleted and one thus stays logged in!

The usually expected behavior would likely be to really get logged out, have the cookies deleted and be asked for PW next time one comes around...

Visit http://triligon.org

Kristof Coomans

Thursday 15 December 2005 5:42:22 am

I have some days off from work so I'm not going to fix these issues immediately, but maybe you can contribute to the extension (it's in the community svn repository) by adding this functionality.

Encryption of the cookies would be safer of course.

Some hints on how to remove cookies on logout:

From kernel/user/logout.php:

include_once( "lib/ezutils/classes/ezhttptool.php" );
include_once( "kernel/classes/datatypes/ezuser/ezuser.php" );

$http =& eZHTTPTool::instance();

$user =& eZUser::instance();
$user->logoutCurrent();

$http->setSessionVariable( 'force_logout', 1 );

$ini =& eZINI::instance();
$redirectURL = $ini->variable( 'UserSettings', 'LogoutRedirect' );

return $Module->redirectTo( $redirectURL );

The session variable 'force_logout' isn't used anywehere else by the system (I've tried to find it in other files with grep). You can check on the existence of this session variable in cookieuser/login.php and if it exists, delete the login cookies and afterwards remove the session variable. I think this will work.

Good luck!

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Kristof Coomans

Monday 16 January 2006 2:36:39 am

Check out the new version (1.3) of Cookie User (http://ez.no/community/contribs/hacks/cookie_user), which
- encrypts the password cookie
- disables authentication cookie checking on logout

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Valentin Doroschuk

Wednesday 16 August 2006 8:48:58 am

Added this posibility to
3.9.0alpha1 (trunk rev. 16616).