Posted by bjaspan on October 17, 2006 at 1:58pm
Overview
The Persistent Login module provides the familiar "Remember Me" option in the user login form. Additional security is provided by using two tokens (one long-running, one per-access) that allow the detection of unauthorized token use.
Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime. For a detailed discussion of the design and security of Persistent Login, see Improved Persistent Login Cookie Best Practice.
Features
- Control how long user logins are remembered, before a user will have to enter their credentials again.
- Control how many different persistent logins are remembered per user.
- Control which pages a remembered user can or cannot access without explicitly logging in with a username and password (e.g. you cannot edit your account or change your password with just a persistent login).
- A user can clear all of his/her remembered logins via their account page.
Known Issues
- 6.x, 7.x #327263: Security warning triggered by simultaneous requests: If a user opens several pages of a website simultaneously, the first request will invalidate the token and may cause the subsequent requests to trigger the security alert.
- 7.x #1395996: It doesn't keep login when using OpenID login: OpenID logins don't provide the information required for Persistent Login to set tokens for the user.
Maintainers
GitHub Mirror
https://github.com/gapple/persistent_login
Downloads
Recommended releases
Development releases
Project Information
- Maintenance status: Actively maintained
- Development status: Maintenance fixes only
- Reported installs: 3304 sites currently report using this module. View usage statistics.
- Downloads: 40,934
- Last modified: April 5, 2013
