2014-10-28, 09:09 PM
Pages: 1 2
2014-10-29, 06:06 PM
(2014-10-28, 09:09 PM)Pirata Nervo Wrote: [ -> ]We'll definitely not re-write the authentication system for 1.8 when 2.0 development is starting...
I don't think anyone was expecting the authentication system to drastically change between minor versions; my suggestion was for 2.0.
2014-10-29, 06:17 PM
Hope so 
2014-10-31, 08:23 AM
There's a session table btw which saves everything related to sessions (ip, location etc): https://github.com/mybb/mybb/blob/featur...#L696-L712
However the loginkey isn't saved there, it's saved in the user table. Moving it to the sessions table and simply use a different loginkey for every session can probably work (though I doubt that it's possible as plugin and I haven't really looked whether that could break anything).
However the loginkey isn't saved there, it's saved in the user table. Moving it to the sessions table and simply use a different loginkey for every session can probably work (though I doubt that it's possible as plugin and I haven't really looked whether that could break anything).
2014-10-31, 08:59 AM
It would at least log you out
- after 24 hours (as sessions are only kept for that time)
- whenever your IP changes
2014-10-31, 09:10 AM
(2014-10-31, 08:59 AM)StefanT Wrote: [ -> ]It would at least log you outIt wouldn't store sessions as it does now, i.e. for tracking online visitors only. The stats sections would pull their information basing on timestamps as auth sessions (assigned to a user, which keeps you logged in) are meant to stay there as long as it is possible to stay logged in after submitting a single login form (even a year). The whole point is to keep track of active loginkeys on the server so they could be managed, and to make them only temporary.
- after 24 hours (as sessions are only kept for that time)
- whenever your IP changes
2016-09-23, 09:38 AM
Why can't we just update the loginkey every time the user logs in? If you did not want your users being able to use multiple devices (what if someone else is using their account...) wouldn't this be a safe bet and easy? I'll try writing this myself but I could probably use some help xD
MyBB 1.8.7 is critical, most people won't upgrade right away when 2.0 is out, just like how many people still use 1.6.
My only question: would this break anything else?
EDIT: Still no answer? xD
MyBB 1.8.7 is critical, most people won't upgrade right away when 2.0 is out, just like how many people still use 1.6.
My only question: would this break anything else?
EDIT: Still no answer? xD
2016-09-27, 10:47 AM
This thread is almost 2 years old, you're unlikely to get an answer...
Pages: 1 2