Same question but about version 3.6/3.7

Not standard, but as contribution by Kristof:

http://ez.no/community/contribs/hacks/cookie_user

Regards

--paul

Nice, I was just thinking about writing something very similar

This should be integrated (and used on ez.no while we're at it

Doesn't really seem to work for me: http://ez.no/community/contribs/hacks/cookie_user#msg89198

Modified on Sunday 11 December 2005 9:37:52 pm by Gabriel Ambuehl

I've made a mistake with the extension directory name. I've uploaded a new tarball with the fix. If I have time, I will try to test and release a new version with seperate cookies per site access (already in SVN, kernel patches not modified yet) and patches for newer eZ publish versions.

I'll try it later today. Can you comment on what version it should work on?

We use it on a portal made with eZ publish 3.6.4. But I think it works with 3.6.x. Haven't tested it yet with 3.7.

Yes, it works with 3.7 (the same portal Kristof mentions, but upgraded to 3.7 on a test server)

Other extensions are broken and may need a branch for 3.7/3.8

Regards

--paul

I can report success with the tarball and 3.6.4! Thanks a lot!

Looking at it, it might make sense to encrypt the contents of the cookies?

There seems to be another bug: when clicking on logout, the cookies don't seem to get deleted and one thus stays logged in!

The usually expected behavior would likely be to really get logged out, have the cookies deleted and be asked for PW next time one comes around...

Modified on Thursday 15 December 2005 10:35:37 am by Gabriel Ambuehl

I have some days off from work so I'm not going to fix these issues immediately, but maybe you can contribute to the extension (it's in the community svn repository) by adding this functionality.

Encryption of the cookies would be safer of course.

Some hints on how to remove cookies on logout:

From kernel/user/logout.php:

include_once( "lib/ezutils/classes/ezhttptool.php" );
include_once( "kernel/classes/datatypes/ezuser/ezuser.php" );

$http =& eZHTTPTool::instance();

$user =& eZUser::instance();
$user->logoutCurrent();

$http->setSessionVariable( 'force_logout', 1 );

$ini =& eZINI::instance();
$redirectURL = $ini->variable( 'UserSettings', 'LogoutRedirect' );

return $Module->redirectTo( $redirectURL );

The session variable 'force_logout' isn't used anywehere else by the system (I've tried to find it in other files with grep). You can check on the existence of this session variable in cookieuser/login.php and if it exists, delete the login cookies and afterwards remove the session variable. I think this will work.

Good luck!

Check out the new version (1.3) of Cookie User (http://ez.no/community/contribs/hacks/cookie_user), which
- encrypts the password cookie
- disables authentication cookie checking on logout

Added this posibility to
3.9.0alpha1 (trunk rev. 16616).

Modified on Wednesday 16 August 2006 6:29:02 pm by Valentin Doroschuk