Re: [fw-general] Keep me logged in + Password reset for login forms
On Friday 22 May 2009 17:11:50, bytte wrote:
> Thanks Deanna. I was hoping to gain insight from other people's solutions
> as well. Anyone?

I use almost the same method. I set a cookie with the id from Zend_Session::getId(). In the db there is a table with the session id as primary key. The user id, ip and browser agent are also stored, plus a bool that says whether the ip should be locked (session only valid from that ip address). At the end I have a ttd (time to die). During login you can set this option (whether the session will be valid for 1 day, 1 month, 1 year).

Usually Zend_Auth has a session to check the authentication. If no identity is found, check for the cookie and match it with the database. If one is found, you can restore the identity.

For password recovery: just send an email with a link to reset the password. The link will be valid for 24 hours, so if another person tries to reset your password, you don't need to do anything.

--
Jurian Sluiman
Soflomo.com
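One way to build the 24-hour reset link described in the message above, as an added example that is not code from the thread or from Zend Framework. It assumes a stateless design in which the link carries an HMAC over the user id, the expiry time and the user's current password hash; the secret, the URL and the function names are placeholders, and PHP 7 or later is assumed.

```php
<?php
// Added example, not from the thread. RESET_SECRET, the example.test URL and
// the function names are placeholders chosen for this illustration.

const RESET_SECRET = 'replace-with-a-long-random-server-side-secret';
const RESET_TTL    = 86400;             // the 24-hour validity from the post

function resetMac(int $userId, int $expires, string $passwordHash): string
{
    // Assumption: binding the MAC to the stored password hash makes the link
    // stop verifying once the password has actually been changed.
    return hash_hmac('sha256', "$userId|$expires|$passwordHash", RESET_SECRET);
}

function buildResetLink(int $userId, string $passwordHash, int $now): string
{
    $expires = $now + RESET_TTL;
    $mac     = resetMac($userId, $expires, $passwordHash);
    return 'https://example.test/reset?'
         . http_build_query(['u' => $userId, 'e' => $expires, 'm' => $mac]);
}

// $passwordHash is the hash currently stored for the user named in $params['u'].
function verifyResetLink(array $params, string $passwordHash, int $now): bool
{
    foreach (['u', 'e', 'm'] as $name) {
        if (!isset($params[$name]) || !is_string($params[$name])) {
            return false;               // missing or array-valued parameter
        }
    }
    if (!ctype_digit($params['u']) || !ctype_digit($params['e'])) {
        return false;
    }
    if ($now >= (int) $params['e']) {
        return false;                   // link is older than 24 hours
    }
    $expected = resetMac((int) $params['u'], (int) $params['e'], $passwordHash);
    return hash_equals($expected, $params['m']);   // constant-time comparison
}

// Constructed demo values (fixed clock, throwaway passwords).
$now     = 1243000000;
$oldHash = password_hash('old password', PASSWORD_DEFAULT);
$link    = buildResetLink(42, $oldHash, $now);
parse_str(parse_url($link, PHP_URL_QUERY), $params);
var_dump(verifyResetLink($params, $oldHash, $now + 3600));          // within 24 hours
var_dump(verifyResetLink($params, $oldHash, $now + RESET_TTL + 1)); // after expiry
$newHash = password_hash('new password', PASSWORD_DEFAULT);
var_dump(verifyResetLink($params, $newHash, $now + 3600));          // password already changed
```

The account's password stays untouched until a valid link is redeemed, so a reset requested by someone else simply expires.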
Re: [fw-general] Keep me logged in + Password reset for login forms
bytte wrote:
>
> I've created a basic login system using Zend_Auth and Zend_Acl and now I'm
> wondering what's the best way to expand my login form with these two extra
> functionalities:
>
> - "keep me logged in on this computer" feature
> - password reset if visitor has forgotten password
>
> These two things seem pretty standard in every web application that needs
> authentication so I had hoped to see these built in into the framework.
> Yet I can't find any documentation on this matter. It would be great if
> you could point me in a direction or link to online tuts tackling the
> matter.
>

If you want to keep users logged in, you can use the rememberMe method of Zend_Session. Take a look at this example:
http://www.mail-archive.com/fw-general@lists.zend.com/msg08602.html

--
View this message in context: http://www.nabble.com/Keep-me-logged-in-%2B-Password-reset-for-login-forms-tp23631798p23675982.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Keep me logged in + Password reset for login forms
Thanks Deanna. I was hoping to gain insight from other people's solutions as well. Anyone?

--
View this message in context: http://www.nabble.com/Keep-me-logged-in-%2B-Password-reset-for-login-forms-tp23631798p23672419.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Keep me logged in + Password reset for login forms
On Wednesday 20 May 2009 17:03:29, Deanna Bonds wrote:

Hi Deanna,

> Although I am thinking of the google model now where you ask personal
> questions and allow him to change it to something if he answers correctly.

I don't know how Google does this, but it sounds insecure. It's relatively easy to hack an account if you know some (basic) stuff about your victim.

Kind regards,

--
Bram Schoenmakers

What is mind? No matter. What is matter? Never mind.
(Punch, 1855)
Re: [fw-general] Keep me logged in + Password reset for login forms
bytte wrote:
> I've created a basic login system using Zend_Auth and Zend_Acl and now I'm
> wondering what's the best way to expand my login form with these two extra
> functionalities:
>
> - "keep me logged in on this computer" feature
> - password reset if visitor has forgotten password
>
> These two things seem pretty standard in every web application that needs
> authentication so I had hoped to see these built in into the framework.
> Yet I can't find any documentation on this matter. It would be great if
> you could point me in a direction or link to online tuts tackling the
> matter.

I solved this by creating a second cookie that has a persistent key id in it. Then in the database I store a record with the key, user id, expires date, and the ip the key came from. If the user is logged out and they send the persistent key cookie, I look up the record in the database, check whether the ip matches (I zero out the lower bits to allow for class C IP changing), and check the expire date. If all is good I log the user in automatically.

For password reset I just change the password and email him a new one. Although I am thinking of the google model now where you ask personal questions and allow him to change it to something if he answers correctly.
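The persistent-key check described in the message above (key in a cookie; database record with user id, expiry date and originating IP, compared with the low bits zeroed), as an added example that is not code from the thread or from Zend Framework. The in-memory `$store` array stands in for the database table and the function names are hypothetical; storing only a SHA-256 hash of the key is an assumption of this example that goes beyond what the posters describe, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not from the thread. $store is a constructed in-memory
// stand-in for the database table; function names are hypothetical.

function maskLowBits(string $ip): ?int
{
    $long = ip2long($ip);               // false unless dotted-quad IPv4
    return $long === false ? null : ($long & ~0xFF);   // zero the last octet
}

function issueKey(array &$store, int $userId, string $ip, int $ttl, int $now): string
{
    $key = bin2hex(random_bytes(32));   // value placed in the persistent cookie
    $store[hash('sha256', $key)] = [    // assumption: store only a hash of the key
        'user_id' => $userId,
        'expires' => $now + $ttl,
        'net'     => maskLowBits($ip),
    ];
    return $key;
}

function checkKey(array &$store, string $cookieKey, string $ip, int $now): ?int
{
    $id = hash('sha256', $cookieKey);
    if (!isset($store[$id])) {
        return null;                    // unknown key
    }
    $row = $store[$id];
    if ($now >= $row['expires']) {
        unset($store[$id]);             // expired: delete the record
        return null;
    }
    $net = maskLowBits($ip);
    if ($net === null || $net !== $row['net']) {
        return null;                    // request comes from another network
    }
    return $row['user_id'];             // caller restores the identity
}

// Constructed demo data (documentation IP ranges, fixed clock).
$store = [];
$now   = 1243000000;
$key   = issueKey($store, 42, '203.0.113.17', 30 * 86400, $now);
var_dump(checkKey($store, $key, '203.0.113.200', $now + 3600));      // same /24, not expired
var_dump(checkKey($store, $key, '198.51.100.5', $now + 3600));       // different network
var_dump(checkKey($store, $key, '203.0.113.17', $now + 31 * 86400)); // past the expiry date
```

Because `ip2long()` only understands IPv4, an IPv6 client yields no network value here and is never logged in automatically.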
[fw-general] Keep me logged in + Password reset for login forms
I've created a basic login system using Zend_Auth and Zend_Acl and now I'm wondering what's the best way to expand my login form with these two extra functionalities:

- "keep me logged in on this computer" feature
- password reset if visitor has forgotten password

These two things seem pretty standard in every web application that needs authentication so I had hoped to see these built in into the framework. Yet I can't find any documentation on this matter. It would be great if you could point me in a direction or link to online tuts tackling the matter.

--
View this message in context: http://www.nabble.com/Keep-me-logged-in-%2B-Password-reset-for-login-forms-tp23631798p23631798.html
Sent from the Zend Framework mailing list archive at Nabble.com.