cookieTime default value and remember login

[marty_arts]

Hello guys,

at the moment I am playing with the SSI login functionality and i'm wondering which default value cookieTime has. I'm browsing the code, but didn't find the answer.

Second question. Some forums have the ability to 'remember the login' (creating a cookie) and not to.
Is it possible to give the user the choice to create that cookie or in other words 'remember the login'?

Thanks and
Best Regards
Martin

[Oldiesmann]

The default option for ssi_login is to remember the login (ie keep you logged in until you logout or delete the cookie). The "cookieTime" setting (which isn't used in SSI.php) is the "default cookie length" setting in the admin center (I think it's under "Edit Features and Options"). The default value is 60 (an hour).

With a little modification, it's pretty easy to accomplish what you want. The cookie is created regardless of which option you choose - the only difference is when the cookie expires. If you choose to stay logged in forever, the cookie is set to expire in a year (I think). Otherwise it's set to expire in the chosen amount of time (an hour, a week, etc.).

Anyway...

SSI.php

Find

Code Select Expand

</tr><tr>
<td><input type="hidden" name="cookielength" value="-1" /></td>
<td><input type="submit" value="', $txt[34], '" /></td>
</tr>

Replace

Code Select Expand

</tr><tr>
<td align="right"><b>', $txt[497], ':</b></td>
<td><input type="text" name="cookielength" size="4" maxlength="4" value="', $modSettings['cookieTime'], '"', $context['never_expire'] ? ' disabled="disabled"' : '', ' /></td>
</tr><tr>
<td align="right"><label for="cookieneverexp"><b>', $txt[508], ':</b></label></td>
<td><input type="checkbox" id="cookieneverexp" name="cookieneverexp"', $context['never_expire'] ? ' checked="checked"' : '', ' class="check" onclick="this.form.cookielength.disabled = this.checked;" /></td>
</tr>

[marty_arts]

Thanks for your fast answer!

I just tested some settings but I didn't get smf act as I want.

When you log into a phpbb forum, and do not check 'remember login' it goes like this.

• You stay logged in, until you close the browser and open it again

SMF does handle this a bit different. I can set a cookielength.

• You stay logged, until the specified time runs out
• Despite the browser was closed or not

What to do, to get the same behavior as phpbb?
(alternative idea: I set cookielength to 10 minutes, when 'remeber login' was not checked)

Besides I found an expression which makes no sense to me.
It can be found in ./Sources/LogInOut.php (SMF 1.1 RC3)

Line 150:

Code Select Expand


// Set up the cookie length.  (if it's invalid, just fall through and use the default.)
if (isset($_POST['cookieneverexp']) || (!empty($_POST['cookielength']) && $_POST['cookielength'] == -1))
$modSettings['cookieTime'] = 3153600;
elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600))
$modSettings['cookieTime'] = (int) $_POST['cookielength'];

very confusing is this to me ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)
it turns true if the variable is bigger than 1 OR smaller than 525600
that would mean: it is true in every case!

[Oldiesmann]

You're mis-reading the code...

If they checked the "remember me" box or the cookie length is -1 (ie they chose "forever" from the quick-login box seen on the main index page), then cookieTime is set to 3153600 (about a year).

Otherwise, if the cookie length is between 1 and 525600 (approximately a week), then cookieTime is set to the specified cookie length.

It would not be possible to get the "logout when you close the browser" functionality in SMF without quite a bit of modification. phpBB does this by setting a cookie that expires immediately every time you view a page (unless you've chosen to stay logged in). Because the cookie is reset on every page view, you stay logged in until you close the browser (the cookie will be deleted when you close the browser because it has expired).

Setting the cookie length to 10 minutes doesn't solve anything - that just forces you to login again every 10 minutes.

[marty_arts]

Setting the cookie length to 10 minutes doesn't solve anything - that just forces you to login again every 10 minutes.

This is an less-than-ideal solution to me. I'm gonna give two options to my members.

• 'remember login' => login for a year
• 'don't remember login' => login for 10 minutes

But it's okay. Just wanted to know.

You're mis-reading the code...

If they checked the "remember me" box or the cookie length is -1 (ie they chose "forever" from the quick-login box seen on the main index page), then cookieTime is set to 3153600 (about a year).

Otherwise, if the cookie length is between 1 and 525600 (approximately a week), then cookieTime is set to the specified cookie length.

Yeah. I believe the code was intended to act as you described it. But please look at this line:

Code Select Expand


elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600))

(cookielength >= 1) OR (cookielength <= 525600)
it always turns to true

I think there supposed to be && instead of ||.
Do you know what I mean?

[Oldiesmann]

That only gets called if you haven't checked the "remember me" box, but I do see what you mean. I'll point that out to the developers