'Remember me' keys are shared between apps [message #63067]
Tue, 14 October 2008 15:43
I have two apps where I'm using sfGuardPlugin to do the authentication. One is a normal website and the other one is the mobile version of the same website.
Both sites use the same user database.
I would like to be able to use the 'remember me' feature on both apps/sites. I have configured both sites to do so and all works fine except that a user can't have 'remember me' active on both sites.
This is because of the following piece of code in plugins/sfGuardPlugin/lib/user/sfGuardSecurityUser.class.php (signIn() function):
// remove other keys from this user
$c = new Criteria();
This removes all 'remember me' keys for this user.
The solution is pretty simple. I would suggest adding an extra 'site' column to the 'remember me' table that keeps track of which site a certain key belongs to.
In the signIn() function you should only remove the keys of the current user that belong to the current site.
We could take the cookie name as 'site name', but by configuring the 'site name' through app.yml, you could make two sites (apps) share the same 'remember me' keys just by configuring the same 'site name'.
I can't imagine that no one had this problem before me. Maybe I have overlooked it?
Are there other people having the same problem? If so, I will submit my changes as a patch. Or perhaps create a behavior for it.
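
The per-site scoping proposed in the post above, as an added example that is not part of the original post and is not sfGuardPlugin code. It uses plain PDO with an in-memory SQLite table. The table, column and function names are assumptions, and `$site` stands for the 'site name' the post suggests configuring through app.yml.

```php
<?php
// Added illustration: table, column and function names are assumptions,
// not sfGuardPlugin's actual schema or API.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_key (
    user_id      INTEGER NOT NULL,
    site         TEXT    NOT NULL,
    remember_key TEXT    NOT NULL,
    PRIMARY KEY (user_id, site)
)');

// Issue a fresh key at sign-in, revoking only this user's keys for this site.
function issueRememberKey(PDO $db, int $userId, string $site): string
{
    $db->beginTransaction();
    $del = $db->prepare('DELETE FROM remember_key WHERE user_id = ? AND site = ?');
    $del->execute([$userId, $site]);
    $key = bin2hex(random_bytes(32)); // unpredictable cookie value
    $ins = $db->prepare(
        'INSERT INTO remember_key (user_id, site, remember_key) VALUES (?, ?, ?)'
    );
    $ins->execute([$userId, $site, $key]);
    $db->commit();
    return $key;
}

// Resolve a cookie value to a user id, accepting only keys issued for this site.
function findUserByKey(PDO $db, string $key, string $site): ?int
{
    $q = $db->prepare(
        'SELECT user_id FROM remember_key WHERE remember_key = ? AND site = ?'
    );
    $q->execute([$key, $site]);
    $id = $q->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed scenario: user 42 signs in on the website, then on the mobile site.
$webKey    = issueRememberKey($db, 42, 'website');
$mobileKey = issueRememberKey($db, 42, 'mobile');
var_dump(findUserByKey($db, $webKey, 'website'));    // website key after the mobile sign-in
var_dump(findUserByKey($db, $mobileKey, 'website')); // mobile key presented to the website
issueRememberKey($db, 42, 'website');                // a new website sign-in rotates that key
var_dump(findUserByKey($db, $webKey, 'website'));    // the old website key, now revoked
var_dump(findUserByKey($db, $mobileKey, 'mobile'));  // mobile key, untouched by the rotation
```

Giving two apps the same `$site` value makes them share one key again, which is the opt-in sharing the post describes; with distinct values each sign-in still revokes the previous key for that site only.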