[MERGE REQUEST] Cookie/Remember me feature for 2-advanced #141
Conversation
Add login via cookie feature
I put cookie conf here but ONE common configuration file need to be created with all the content of this folder
Creation on ONE common configuration file
only one common configuration file
only one common configuration file
only one common configuration file
only one common configuration file
|
Looks good, I will test this in the next few days and then merge into the dev branch ! |
|
This is a quite good commit, buuuuut: You are putting the sha1-hashed password "directly" into the cookie, which might be dangerous. The 4-full-mvc-framework version creates a random string, writes it into the database and puts it (hashed) into the cookie. This string is only valid for the cookie lifetime. The password is never gaven away in any hashed/salted/etc way to the cookie. I think it might be better to adapt that behaviour into the 2-advanced version. Have a look here: https://github.com/panique/php-login/blob/master/4-full-mvc-framework/models/login_model.php Sorry, but i have to reject this merge request :( |
|
I will have a look when I have some time |
Cookie login feature for 2-advanced