Simon

Results 3 comments of Simon

Thanks for your solutions. I solved it using a separate Authorize class that runs before the users plugin:

```
Configure::write('Auth.authorize', [
    'ForceLogout',
    'CakeDC/Auth.Superuser',
    'CakeDC/Auth.SimpleRbac',
]);
```

That class checks if...

> Security issue is not a problem, as the id is encrypted by the server and even if the user knows another user's id, he won't be able to inject...

To force a re-login (invalidate the rememberme cookie and the current session) it might also be useful to store the current PHP session ID in the database (if file-based session handling is used)....