
Improve Remember Me cookie feature and security #180

Merged
merged 5 commits into from
Aug 23, 2013

Conversation

devplanete
Contributor

A cookie token can now be used only once.

Cookie hash of user_id & token is now salted with a secret key

@panique
Owner

panique commented Aug 22, 2013

Can you please

  1. add a standard domain (so that the script is usable out of the box)
  2. add everything that is necessary to the readme/installing instructions

I've currently no time to check this...

Big thanks!

@devplanete
Contributor Author

@panique Standard domain added in the configuration file, and readme/installing instructions updated.

@sleggat Bug in doLogout() solved, thanks.

@panique
Owner

panique commented Aug 23, 2013

Looks perfect! Thanks a lot! ;)

panique added a commit that referenced this pull request Aug 23, 2013
Improve Remember Me cookie feature and security
@panique panique merged commit 838774b into panique:develop Aug 23, 2013
@sleggat

sleggat commented Sep 10, 2013

@panique Just wondering, is there any plan to allow for multiple cookies, so users can be logged in on more than 1 computer at a time?

@panique
Owner

panique commented Sep 10, 2013

I think the user already can be logged in from several computers at the same time (at least in version 4-full). Hm... Okay, I just looked at 2-advanced and there is another cookie handling built in (this has been done by somebody else), and it's not the same as in 4-full, so I cannot say if this is possible or not (don't have time and nerve to check this).

I'll have a look at this at the end of 2013.

@devplanete
Contributor Author

You're right @sleggat, it's currently not possible with 2-advanced because each time you use a cookie, a new cookie token is created and replaces the old one.
It's for security reasons: a cookie token can be used only once, and if someone can retrieve your cookie, it will not be usable anymore...

If you want to disable this security feature and be logged in on more than 1 computer, just comment out the call to "$this->newRememberMeCookie();" near the end of the "loginWithCookieData()" function.
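The single-use, secret-keyed cookie scheme this thread describes, as an added example that is not php-login's own code: the RememberMe class, its issue()/consume() methods, the in-memory token store and the secret value are all assumptions standing in for the project's users table and configuration.

```php
<?php
// Added example, not php-login's own code: a single-use "remember me" cookie
// whose hash of user_id and token is keyed with a server secret, as this PR
// describes. The token store below is a constructed stand-in for the DB.
final class RememberMe
{
    private array $tokensByUser = [];   // user_id => current single-use token

    public function __construct(private string $secret) {}

    /** Issue a fresh token for the user and return the cookie value. */
    public function issue(int $userId): string
    {
        $token = bin2hex(random_bytes(32));   // 256-bit random, stored server side
        $this->tokensByUser[$userId] = $token;
        // Keyed hash binds user_id and token to the secret: without the secret a
        // client cannot forge a cookie for another user_id.
        $hash = hash_hmac('sha256', $userId . ':' . $token, $this->secret);
        return $userId . ':' . $token . ':' . $hash;
    }

    /** Validate a presented cookie; on success rotate the token (one use only)
     *  and return the replacement cookie, otherwise return null. */
    public function consume(string $cookie): ?string
    {
        $parts = explode(':', $cookie);
        if (count($parts) !== 3) {
            return null;
        }
        [$userId, $token, $hash] = $parts;
        $expected = hash_hmac('sha256', $userId . ':' . $token, $this->secret);
        if (!hash_equals($expected, $hash)) {
            return null;   // tampered or forged
        }
        $stored = $this->tokensByUser[(int) $userId] ?? null;
        if ($stored === null || !hash_equals($stored, $token)) {
            return null;   // already used, or a copied cookie replayed after rotation
        }
        // Rotation invalidates the old token, so a stolen copy stops working once
        // either party has used it; it is also why one device per user stays logged in.
        return $this->issue((int) $userId);
    }
}

$rm = new RememberMe('constructed-secret-change-me');
$first  = $rm->issue(42);
$second = $rm->consume($first);   // valid: a replacement cookie is returned
$replay = $rm->consume($first);   // the same cookie presented again is rejected
```

In a real deployment the rotated token is written back to the users table and the cookie set with the HttpOnly and Secure flags; the trade-off sleggat raises (one device per user) follows directly from storing a single current token per user.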
