Marco
@runnermatthew Thanks, that’s certainly a valid point. Any idea how to solve this (other than temporarily disabling the feature during onboarding)? We could introduce an option like “has business customers...
You can disable throttling temporarily, and you can restrict it to single pages or actions in your application, e.g. by passing something like `$_GET['route'] !== 'sign_up'` to the constructor as...
Of course, you could use these conditional throttle arguments passed to the constructor to whitelist IP addresses as well, by enabling throttling only when the client’s IP address is *not*...
Oh well, you’re right, of course. Sorry! The following change, available from `v8.3.0`, should fix the problem: https://github.com/delight-im/PHP-Auth/commit/7bce546defa2bec75485d4bf1d68b72cf311c489 You might have to provide up to three `null` values before the...
Thanks again, @eypsilon! This looks good. There’s just one thing that I think could be improved: I know this is currently independent of any `Auth` instance, which may be helpful...
Thanks! Fully agree with everything you said, and that newer class looks even better.
It will be something very similar. Either a method call, as you suggested, or a new parameter somewhere. But the thing is, of course, that we might want to allow...
Allow for 'SameSite' cookie attribute and 'X-Frame-Options' header to be disabled to support framing
Disabling the `SameSite` attribute on cookies: * `vendor/delight-im/auth/src/UserManager.php` * Replace `Session::regenerate(true);` with `Session::regenerate(true, null);` * `vendor/delight-im/auth/src/Auth.php` * Replace `@Session::start();` with `@Session::start(null);` * Replace `Session::regenerate(true);` with `Session::regenerate(true, null);` * After `$cookie->setSecureOnly($params['secure']);`...
Thanks! Not sure if this solution is really the solution we need. For example, you could simply change the structure of your application code and change the sequence of calls,...
Isn’t this normal browser behavior (instead of something specific to this library)? Can you log in to two separate accounts with Facebook or Google, for example? The only way to...