On Mon, Sep 28, 2009 at 12:06 PM, Kevin <[email protected]> wrote:
> Basically took the weekend off due to writer's block... Been thinking about
> this the whole weekend though.
>
> Some things to consider:
>
> 1) With your system, even if the user's password has changed, if they still
> have a valid cookie with the "code" that matches the "code" in the storage
> file, they can override the password and log in. You would have to have a
> way that when the password is changed that removes the code from the storage
> file to prevent that.
Yes that is true. Of course, whatever form the user uses to change their password could have a line to reset the entry. We at the very least should document that in the plugin page. Good point.

> 2) The system you're using only works for 1 browser and/or machine etc...
>
> If you use multiple browsers (i.e., FF, Chrome etc.) and/or multiple machines
> (one at work, one at home and perhaps a netbook) it won't work because only
> one would ever be valid.
>
> It would not work for me as I do log in via multiple browsers on multiple
> machines.

This is another good point. I've no good solution for this at the moment.

> Food for thought... Example of SMF forum cookies which do allow multiple
> browsers and machines.
>
> setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + (60

So basically, you store the password and member id in the cookie like this, and then actually authenticate them when being logged in using this information, with the password being double encrypted. So this would not even require a site.persist page. That should make things even easier...

Hmmm, I've just tinkered some more using your suggestions and have a script that seems to work even nicer, and more simply. I used your tip about serializing the id/password, with some minimal obscuring of the cookie value and double encrypting of the password so it can't be used as a login option. Very cool suggestions.

Wow, this thing has gone through a complete rewrite, but I like it. I just updated the docs and loaded the new script. Please take a look and let me know what you think.

Cheers,
Dan
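
The two points raised in this thread (a password change has to invalidate the stored code, and several browsers must be able to stay logged in at once) can both be handled by keeping one random token per browser in the storage file. The sketch below is an added example, not BoltWire or SMF code and not the script mentioned in the message; the `$store` array stands in for the storage file and all function names are hypothetical.

```php
<?php
// Added illustration, not BoltWire or SMF code. $store stands in for the
// plugin's storage file; every function name here is hypothetical.

// Issue a token for one browser. Each browser gets its own entry, so a
// login from a second machine leaves the first one valid.
function issue_token(array &$store, string $user): string {
    $selector = bin2hex(random_bytes(8));    // lookup key, sent in the cookie
    $secret   = bin2hex(random_bytes(32));   // only its hash is stored
    $store[$selector] = [
        'user'    => $user,
        'hash'    => hash('sha256', $secret),
        'expires' => time() + 60 * 60 * 24 * 30,
    ];
    return $selector . ':' . $secret;        // value to hand to setcookie()
}

// Return the user name for a valid cookie value, or null.
function check_token(array &$store, string $cookie): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $entry = $store[$parts[0]];
    if ($entry['expires'] < time()) {
        unset($store[$parts[0]]);            // expired entry: drop it
        return null;
    }
    // Constant-time comparison of the stored hash with the presented secret.
    return hash_equals($entry['hash'], hash('sha256', $parts[1]))
        ? $entry['user'] : null;
}

// Call from the password-change form: every browser must log in again.
function revoke_user_tokens(array &$store, string $user): void {
    foreach ($store as $selector => $entry) {
        if ($entry['user'] === $user) {
            unset($store[$selector]);
        }
    }
}

// Constructed walk-through: two browsers, then a password change.
$store   = [];
$firefox = issue_token($store, 'kevin');
$chrome  = issue_token($store, 'kevin');
var_dump(check_token($store, $firefox), check_token($store, $chrome));
revoke_user_tokens($store, 'kevin');
var_dump(check_token($store, $firefox), check_token($store, $chrome));
```

Because the cookie carries only a random value, nothing derived from the password leaves the server, and a copied storage file does not yield usable cookie values since only hashes are kept.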
