Welcome to Geeklog, Anonymous Friday, May 03 2024 @ 05:46 pm EDT
Geeklog Forums
Stay logged in indefinitely
Status: offline
RickW
Forum User
Full Member
Registered: 01/28/04
Posts: 240
Location:United States
I know there are cookie settings in the config, and I have tried setting the timeouts/expiration for a very long time, but it isn't helping much. When I or another user logs into my site, I want them to stay logged in permanently until they either manually log out or delete their cookie.
Can this be done?
www.antisource.com
Can this be done?
www.antisource.com
3
1
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by RickW: Can this be done?
Well ...
A cookies must have an expiry date. So "indefinitely" is not possible, but you could set the expiry date to be several years in the future.
There is, however, the security aspect to consider. As long as the cookie exists, you are logged in automatically. So if someone manages to steal your cookie, they can log in to your site with your identity. Therefore, it is actually a good thing to let the cookie expire from time to time and force people to log in again.
This is also the reason why we removed the option to stay logged in for a year from recent Geeklog versions.
bye, Dirk
1
2
Quote
Status: offline
RickW
Forum User
Full Member
Registered: 01/28/04
Posts: 240
Location:United States
I'm not so concerned with the security aspect because of the way I'm using user accounts - they're mainly going to be for the forums, and any other site features like submitting articles are using submission queues that I'm moderating.
Perhaps as a new feature for GL2, you can have different login policies for different groups. For example, normal Users can stay logged in for a long time, but Administrators have to log back in every time, perhaps with an additional PIN they have to enter that is kept in a separate cookie, hashed, and unique per account. Or maybe the Administrators can stay logged in to but need the PIN to revalidate their session.
www.antisource.com
Perhaps as a new feature for GL2, you can have different login policies for different groups. For example, normal Users can stay logged in for a long time, but Administrators have to log back in every time, perhaps with an additional PIN they have to enter that is kept in a separate cookie, hashed, and unique per account. Or maybe the Administrators can stay logged in to but need the PIN to revalidate their session.
www.antisource.com
2
1
Quote
Okay I'm going to set the permanent cookie for 6 months, that should do it...
I have a question about the cookie variables. What does cookiesecure do? What does cookie_session and cookie_password represent?
www.antisource.com
I have a question about the cookie variables. What does cookiesecure do? What does cookie_session and cookie_password represent?
www.antisource.com
1
2
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
I see why you added the emoticons that you did.
Okay as a suggestion, you could add your docs section into the search function (with the #bookmarks) so it comes up as a top result for those search keywords. I did search first before posting.
www.antisource.com
3
1
Quote
All times are EDT. The time is now 05:46 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content