Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.6.4

Request #2765 Persistent cookies
Submitted: 2004-11-16 03:58 UTC
From: jj03 at operamail dot com Assigned:
Status: Open Package: Auth
PHP Version: 4.3.9 OS:
Roadmaps: (Not assigned)    
Subscription  
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes. If this is not your bug, you can add a comment by following this link. If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jj03 at operamail dot com
New email:
PHP Version: Package Version: OS:

 

 [2004-11-16 03:58 UTC] jj03 at operamail dot com
Description: ------------ Currently all the cookies only work for the current browser session, and there should be an optional way to use persistent cookies.

Comments

 [2005-12-24 15:22 UTC] jj04 at operamail dot com
Here's a workaround for the issue: function setExpire($time, $add = false) { @setcookie(session_name(),session_id(),time() + $time); $add ? $this->expire += $time : $this->expire = $time; }
 [2007-01-18 08:56 UTC] gserafini at gmail dot com (Gabriel Serafini)
This workaround does in fact work. I would second a request to add this very simple code fix into the package so that I don't have to manually adjust my PEAR code installation and watch out for upgrading it and breaking functionality. This simple fix increases the utility of Auth quite a bit by enabling persistent login state (very useful for users). So just another vote to have the workaround added to the file.
 [2007-03-01 15:55 UTC] tobias at baaz dot nu (Tobias Baaz)
This fix introduces a bug in IE7 (maybe others too). When logging in using the persistent option, logging out and then logging in as another user the application think you're still the other user (using the wrong sessionid). The solution I found was to kill the persistent cookie in Auth::logout() I've also included the optionality mentioned in the original bug description -- i.e. added another parameter (bool)$persistent to Auth::setExpire() I don't have too much experience with diffs, but here's the output from `diff Auth.php newAuth.php`, where Auth.php is from CVS (and I guess the one in stable too): 577a578 > * @param bool use persistent cookie or not 581c582 < function setExpire($time, $add = false) --- > function setExpire($time, $add = false, $persistent = false) 583a585,587 > if ($persistent) { > @setcookie($this->_sessionName, session_id(), $this->expire); > } 1018a1023,1025 > // Unset persistent cookie > @setcookie($this->_sesssionName, false); >
 [2007-03-04 21:18 UTC] tobias at baaz dot nu (Tobias Baaz)
Seems I used an old copy, two errors in my code (2007-03-01 15:55 UTC): * $this->_sessionName should be session_name() * When setting the cookie in setExpire, the third parameter ($this->expire) should be time()+$this->expire Diff: 577a578 > * @param bool use persistent cookie or not 581c582 < function setExpire($time, $add = false) --- > function setExpire($time, $add = false, $persistent = false) 583a585,587 > if ($persistent) { > @setcookie(session_name(), session_id(), time()+$this->expire); > } 1018a1023,1025 > // Unset persistent cookie > @setcookie(session_name(), false); >