session - ‘Remember Me’ 登录 CodeIgniter

Question

你如何在 CodeIgniter 中实现它？

Answer 1

(这个答案是对原始问题的回应)

How would you do this ? Or, how would you create a session with a longer expiration date than the others ?

All created sessions would use the same $config['sess_expiration'] in the config file (default: 7200 seconds), is there a way to pass a custom value ?

延长 session cookie 的到期时间对“记住我”功能不起作用，因为用户在关闭浏览器时将丢失他们的 session cookie。如果 Code Igniter 没有原生的“记住功能”，那么您需要编写一些东西来删除一个长生命周期 cookie，其中包含允许服务器再次看到时自动登录的信息。

Persistent Login Cookie Best Practice上有一篇好文章，可以概括为:

1. When the user successfully logs in with Remember Me checked, a login cookie is issued in addition to the standard session management cookie.2
2. The login cookie contains the user's username and a random number (the "token" from here on) from a suitably large space. The username and token are stored as a pair in a database table.
3. When a non-logged-in user visits the site and presents a login cookie, the username and token are looked up in the database. 1. If the pair is present, the user is considered authenticated. The used token is removed from the database. A new token is generated, stored in database with the username, and issued to the user via a new login cookie. 2. If the pair is not present, the login cookie is ignored.
4. Users that are only authenticated via this mechanism are not permitted to access certain protected information or functions such as changing a password, viewing personally identifying information, or spending money. To perform those operations, the user must first successfully submit a normal username/password login form.
5. Since this approach allows the user to have multiple remembered logins from different browsers or computers, a mechanism is provided for the user to erase all remembered logins in a single operation.

在 Improved Persistent Login Cookie Best Practice 中为这些想法构建更多安全性的另一篇文章

如果你遵循这些文章中的做法，你就不会出错!