Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remember me #17

Open
LorenzBischof opened this issue Mar 29, 2015 · 1 comment
Open

Remember me #17

LorenzBischof opened this issue Mar 29, 2015 · 1 comment

Comments

@LorenzBischof
Copy link

Hello,
After investigating how to build persistent session storage I came across this:
http://framework.zend.com/manual/1.12/en/zend.session.global_session_management.html#zend.session.global_session_management.rememberme
Is this secure? Woudn't it be better to store a hash in a cookie and authenticate with that? I am reluctant to build this myself because there are so many security issues that I would need to be aware of.

What are your thoughts on this?

Thanks

@jeremykendall
Copy link
Owner

Not a security threat, IMO, as long as you're not adding sensitive information in client side cookies. `` is an excellent tool for helping ensure your php.ini cookie settings are secure. This is especially true if you're only storing your session id in a cookie.

The example implementation is a bit ahead of the current stable version of Slim Auth and demonstrates the use of the Zend\Session remember me feature, although it's from ZF2 rather than ZF1: https://github.com/jeremykendall/slim-auth-impl/blob/master/public/index.php#L37

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants