This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use the new forum.
Home » plugins » User management plugins » 'Remember me' keys are shared between apps
'Remember me' keys are shared between apps [message #63067] Tue, 14 October 2008 15:43
joostvb  is currently offline joostvb
Messages: 3
Registered: October 2008
Junior Member
I have two apps where I'm using sfGuardPlugin to do the authentication. One is a normal website and the other one is the mobile version of the same website.
Both sites use the same user database.
I would like to be able to use the 'remember me' feature on both apps/sites. I have configured both sites to do so and all works fine except that a user can't have 'remember me' active on both sites.
This is because of the following piece of code in plugins/sfGuardPlugin/lib/user/sfGuardSecurityUser.class.php (signIn() function):

      // remove other keys from this user
      $c = new Criteria();
      $c->add(sfGuardRememberKeyPeer::USER_ID, $user->getId());

This removes all 'remember me' keys for this user.

The solution is pretty simple. I would suggest to add an extra 'site' column to the 'remember me' table that keeps track of which site a certain key belongs to.
In the signIn() function you should only remove the keys of the current user that belong to the current site.
We could take the cookie name as 'site name', but by configuring the 'site name' through app.yml, you could make two sites (apps) share the same 'remember me' keys just by configuring the same 'site name'.

I can't imagine that no one had this problem before me. Maybe I have overlooked it?
Are there other people having the some problem? If so, I will submit my changes as a patch. Or perhaps create a behavior for it.

Previous Topic:Problems with redirection and sfGuard for Symfony 1.1
Next Topic:propel:build-sql don't generate sql file for sfGuardPlugin
Goto Forum:

powered by FUDforum - copyright ©2001-2004 FUD Forum Bulletin Board Software