[Catalyst] Re: Persistent login
Evaldas Imbrasas
evaldas at imbrasas.com
Wed May 16 00:19:02 GMT 2007
> I do not know what you mean "lasts longer then a session" -- http is
> stateless, if you want state (such as logged in and authorized) you need
> some sort of session (cookie, uri, hiddenform,...).
I am already using standard Catalyst plugins that handle sessions and
authentication. I set sessions to expire after 1 hour of inactivity.
What I'm looking for is the ability to auto-login users when they come
back after, say, 1 week, when their previous session is long expired.
Usually, this is achieved by setting a persistent cookie (lasting for
N days) when the user logs in, and storing either user ID, username, a
random token, or a combination of all of those in an encrypted form in
that cookie. Of course, users would have to explicitly log in to
access the sensitive parts of the website.
--
-----------------------------------------------------
Evaldas Imbrasas
http://www.imbrasas.com
More information about the Catalyst
mailing list