Remember me with cakephp Auth Login
I don't really understand your nested function login(), but I assume it is just a sample from your /users/login action, so let me rewrite the beforeFilter method to redirect your user to /users/userhome if he hits your domain and is logged in using a cookie:
    public function beforeFilter() {
        $this->Cookie->httpOnly = true;

        if (!$this->Auth->loggedIn() && $this->Cookie->read('rememberMe')) {
            $cookie = $this->Cookie->read('rememberMe');
            debug($cookie); // no need to echo it, debug function does that already
            $this->loadModel('User'); // If the User model is not loaded already
            $user = $this->User->find('first', array(
                'conditions' => array(
                    'User.username' => $cookie['username'],
                    'User.password' => $cookie['password']
                )
            ));

            // No matching user, or the login itself failed: do not treat the visitor as logged in
            if (!$user || !$this->Auth->login($user['User'])) {
                $this->redirect('/users/logout'); // destroy session & cookie
            } else {
                // redirect to Auth.redirect if it is set, else to Auth.loginRedirect ('/users/userhome') if it is set, else to /
                $this->redirect($this->Auth->redirectUrl());
            }
        }
    }
FYI: $this->Auth->redirect() is deprecated as of 2.3, use $this->Auth->redirectUrl() instead
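An alternative that keeps credentials out of the cookie, as an added example that is not part of the answer above and not CakePHP's own code: a random selector/validator token whose hash is stored server side and rotated on every use. The $store array stands in for a database table, and issueToken() / redeemToken() are hypothetical names.

```php
<?php
// Added example: selector/validator remember-me tokens, so the cookie never
// carries the username or password. $store stands in for a database table
// (hypothetical); the function names are illustrative, not CakePHP API.

function issueToken(array &$store, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value for the rememberMe cookie
}

// Returns [userId, replacementCookieValue] on success, null on any failure.
function redeemToken(array &$store, string $cookie): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed value or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: removed whether valid or not
    if ($row['expires'] < time()) {
        return null;                         // expired token
    }
    // Constant-time comparison of the stored hash with the presented validator.
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    // Rotate: the caller sets the returned value as the new cookie.
    return [$row['user_id'], issueToken($store, $row['user_id'])];
}

// Constructed demonstration data.
$store  = [];
$cookie = issueToken($store, 42);
[$uid, $rotated] = redeemToken($store, $cookie);
var_dump($uid === 42);                            // fresh token identifies user 42
var_dump(redeemToken($store, $cookie) === null);  // replay of the old cookie is refused
var_dump(redeemToken($store, $rotated) !== null); // the rotated cookie is accepted once
var_dump(redeemToken($store, 'bogus') === null);  // malformed value is refused
```

In a CakePHP 2 controller the string returned by issueToken() would be the value written to the rememberMe cookie, and beforeFilter would call redeemToken() instead of querying by username and password.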
About the implementation of Remember Me using AuthenticationPlugin's Cookie Authenticator
You're not supposed to load authenticators in your controllers, authentication happens at middleware level, before any of your controllers are being invoked.
The cookie authenticator is meant to be loaded and configured just like any other authenticator, that is where you create the authentication service, usually in Application::getAuthenticationService() in src/Application.php.
By default the field in the form must be remember_me, not rememberMe, that is unless you would configure the cookie authenticator's rememberMeField option otherwise.
Furthermore the default cookie name of the cookie authenticator is CookieAuth, so if you wanted to encrypt it, you'd have to use that name in the EncryptedCookieMiddleware config accordingly.
tl;dr
Remove all cookie related code from your controller, and load the authenticator in your Application::getAuthenticationService() method:
    use Authentication\Identifier\IdentifierInterface;

    // ...

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService();

        // ...

        // The cookie authenticator should be loaded _after_ the session authenticator,
        // and _before_ other authenticators like the form authenticator
        $service->loadAuthenticator('Authentication.Cookie', [
            // 'rememberMeField' => 'custom_form_field_name', // if you want to change the default
            'fields' => [
                IdentifierInterface::CREDENTIAL_USERNAME => 'mail',
                IdentifierInterface::CREDENTIAL_PASSWORD => 'password',
            ],
        ]);

        // ...

        return $service;
    }
set the authentication cookie name in the EncryptedCookieMiddleware config:
    $cookies = new EncryptedCookieMiddleware(
        ['CookieAuth'],
        Configure::read('Security.cookieKey')
    );
and change the field name in your form to remember_me if you're using the cookie authenticator's defaults:
    echo $this->Form->control('remember_me', [
        'type' => 'checkbox'
    ]);
That's all that should be required, if you tick the checkbox in your login form, then the authentication middleware will set a cookie after successful authentication accordingly, and it will pick up the cookie if it's present on a request and no other authenticator successfully authenticates the request first (like the session authenticator for example).
How to implement Remember me in CakePHP?
Check this ready to use solution AutoLoginComponent and docs.