Author
|
Message
|
Eirik Alfstad Johansen
|
Wednesday 24 March 2004 1:43:25 am
Hi ez, After having browsed the forums I've noticed that several people have requested the "remmeber me" feature of the login (having it stored in a cookie) over the past months. What's the status on this feature? Will it be implemented in v. 3.4? Has anyone implemented it/made an extension for it? Thanks in advance ! Sincerely, Eirik Johansen
Sincerely,
Eirik Alfstad Johansen
http://www.netmaking.no/
|
Gabriel Ambuehl
|
Sunday 11 December 2005 4:42:28 am
Same question but about version 3.6/3.7
Visit http://triligon.org
|
Paul Borgermans
|
Sunday 11 December 2005 6:47:46 am
Not standard, but as contribution by Kristof: http://ez.no/community/contribs/hacks/cookie_user Regards --paul
eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans
|
Gabriel Ambuehl
|
Sunday 11 December 2005 11:30:14 am
Nice, I was just thinking about writing something very similar ;) This should be integrated (and used on ez.no while we're at it ;) Doesn't really seem to work for me: http://ez.no/community/contribs/hacks/cookie_user#msg89198
Visit http://triligon.org
|
Kristof Coomans
|
Tuesday 13 December 2005 6:39:21 am
I've made a mistake with the extension directory name. I've uploaded a new tarball with the fix. If I have time, I will try to test and release a new version with seperate cookies per site access (already in SVN, kernel patches not modified yet) and patches for newer eZ publish versions.
independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org
|
Gabriel Ambuehl
|
Tuesday 13 December 2005 7:41:31 am
I'll try it later today. Can you comment on what version it should work on?
Visit http://triligon.org
|
Kristof Coomans
|
Tuesday 13 December 2005 8:29:17 am
We use it on a portal made with eZ publish 3.6.4. But I think it works with 3.6.x. Haven't tested it yet with 3.7.
independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org
|
Paul Borgermans
|
Tuesday 13 December 2005 10:38:41 am
Yes, it works with 3.7 (the same portal Kristof mentions, but upgraded to 3.7 on a test server) Other extensions are broken and may need a branch for 3.7/3.8 Regards --paul
eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans
|
Gabriel Ambuehl
|
Wednesday 14 December 2005 2:52:27 am
I can report success with the tarball and 3.6.4! Thanks a lot!
Visit http://triligon.org
|
Gabriel Ambuehl
|
Wednesday 14 December 2005 4:14:03 am
Looking at it, it might make sense to encrypt the contents of the cookies?
Visit http://triligon.org
|
Gabriel Ambuehl
|
Thursday 15 December 2005 1:34:47 am
There seems to be another bug: when clicking on logout, the cookies don't seem to get deleted and one thus stays logged in! The usually expected behavior would likely be to really get logged out, have the cookies deleted and be asked for PW next time one comes around...
Visit http://triligon.org
|
Kristof Coomans
|
Thursday 15 December 2005 5:42:22 am
I have some days off from work so I'm not going to fix these issues immediately, but maybe you can contribute to the extension (it's in the community svn repository) by adding this functionality. Encryption of the cookies would be safer of course.
Some hints on how to remove cookies on logout:
From kernel/user/logout.php: include_once( "lib/ezutils/classes/ezhttptool.php" );
include_once( "kernel/classes/datatypes/ezuser/ezuser.php" );
$http =& eZHTTPTool::instance();
$user =& eZUser::instance();
$user->logoutCurrent();
$http->setSessionVariable( 'force_logout', 1 );
$ini =& eZINI::instance();
$redirectURL = $ini->variable( 'UserSettings', 'LogoutRedirect' );
return $Module->redirectTo( $redirectURL );
The session variable 'force_logout' isn't used anywehere else by the system (I've tried to find it in other files with grep). You can check on the existence of this session variable in cookieuser/login.php and if it exists, delete the login cookies and afterwards remove the session variable. I think this will work. Good luck!
independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org
|
Kristof Coomans
|
Monday 16 January 2006 2:36:39 am
Check out the new version (1.3) of Cookie User (http://ez.no/community/contribs/hacks/cookie_user), which
- encrypts the password cookie - disables authentication cookie checking on logout
independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org
|
Valentin Doroschuk
|
Wednesday 16 August 2006 8:48:58 am
Added this posibility to 3.9.0alpha1 (trunk rev. 16616).
|