'Remember Me' Login in CodeIgniter


Question


How do you implement this in CodeIgniter?

Recommended answer


(This answer was a response to the original question)


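How would you do it? Or,
how do you create a session with a longer
expiration date than the others?

Will it use the
same $config['sess_expiration'] (default: 7200 seconds)
from the config file,
or is there a way to pass a custom value?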


Extending the expiration of a session cookie isn't going to work for a "remember me" feature, since the user will lose their session cookie when they close the browser. If Code Igniter doesn't have a native "remember feature", then you'll need to write something to drop a long-life cookie which contains information which will allow an automatic login when the server sees it again.

There is an article on persistent login cookie best practice, which can be summarized as:




  1. When the user successfully logs in with Remember Me checked, a login cookie is issued in addition to the standard session management cookie.
  2. The login cookie contains the user's username and a random number (the "token" from here on) from a suitably large space. The username and token are stored as a pair in a database table.
  3. When a non-logged-in user visits the site and presents a login cookie, the username and token are looked up in the database.
     1. If the pair is present, the user is considered authenticated. The used token is removed from the database. A new token is generated, stored in database with the username, and issued to the user via a new login cookie.
     2. If the pair is not present, the login cookie is ignored.
  4. Users that are only authenticated via this mechanism are not permitted to access certain protected information or functions such as changing a password, viewing personally identifying information, or spending money. To perform those operations, the user must first successfully submit a normal username/password login form.
  5. Since this approach allows the user to have multiple remembered logins from different browsers or computers, a mechanism is provided for the user to erase all remembered logins in a single operation.


Another article is Improved Persistent Login Cookie Best Practice.


If you follow the practices in those articles, you won't go far wrong!
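
The five steps summarized above, as an added example in framework-independent PHP (not code from the answer, the cited articles or CodeIgniter). The class name, the in-memory array standing in for the database table, the `username:token` cookie format and the `via_remember_me` session flag are assumptions; storing only a SHA-256 digest of the token is an extra choice beyond the summary, so a leaked table does not yield usable cookies.

```php
<?php
// Added example: in-memory stand-in for the (username, token) database table.
final class RememberMeTokens
{
    /** @var array<string, array<string, bool>> username => [sha256(token) => true] */
    private array $rows = [];

    // Steps 1-2: issue a random token from a large space and store the pair.
    public function issue(string $username): string
    {
        $token = bin2hex(random_bytes(32));            // 256-bit random token
        $this->rows[$username][hash('sha256', $token)] = true;
        return $username . ':' . $token;               // value for the login cookie
    }

    // Step 3: look up the presented pair; on a match, delete it and rotate.
    // Returns [username, newCookieValue], or null when the cookie is ignored.
    public function consume(string $cookie): ?array
    {
        $sep = strrpos($cookie, ':');                  // token is hex, so split on the last ':'
        if ($sep === false) {
            return null;
        }
        $username = substr($cookie, 0, $sep);
        $digest   = hash('sha256', substr($cookie, $sep + 1));
        if (!isset($this->rows[$username][$digest])) {
            return null;                               // 3.2: pair not present
        }
        unset($this->rows[$username][$digest]);        // 3.1: used token is removed
        return [$username, $this->issue($username)];   // 3.1: new token issued
    }

    // Step 5: erase all remembered logins for a user in one operation.
    public function clearAll(string $username): void
    {
        unset($this->rows[$username]);
    }
}

$store  = new RememberMeTokens();
$cookie = $store->issue('alice');                      // constructed sample user
[$user, $next] = $store->consume($cookie);
var_dump($user === 'alice', $store->consume($cookie) === null); // old token cannot be replayed
// Step 4: flag the session so sensitive actions still require the password form.
$session = ['user' => $user, 'via_remember_me' => true];
$store->clearAll('alice');
var_dump($store->consume($next) === null);             // cleared logins are ignored
```

In a real application the string returned by `issue()` would be sent as a long-lived cookie and the array replaced by a database table.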
