generate_loginkey on every login
#11
We'll definitely not re-write the authentication system for 1.8 when 2.0 development is starting...
All my plugins are available for free at MyBB Extend and on my GitHub. MyBB-Plugins.com has been closed and none of my plugins are officially maintained or supported.
Reply
#12
(2014-10-28, 09:09 PM)Pirata Nervo Wrote: We'll definitely not re-write the authentication system for 1.8 when 2.0 development is starting...

I don't think anyone was expecting the authentication system to drastically change between minor versions; my suggestion was for 2.0.
Reply
#13
Hope so Toungue
All my plugins are available for free at MyBB Extend and on my GitHub. MyBB-Plugins.com has been closed and none of my plugins are officially maintained or supported.
Reply
#14
There's a session table btw which saves everything related to sessions (ip, location etc): https://github.com/mybb/mybb/blob/featur...#L696-L712

However the loginkey isn't saved there, it's saved in the user table. Moving it to the sessions table and simply use a different loginkey for every session can probably work (though I doubt that it's possible as plugin and I haven't really looked whether that could break anything).
Support PMs will be ignored!
Reply
#15
It would at least log you out
  • after 24 hours (as sessions are only kept for that time)
  • whenever your IP changes
[Image: banner.png]
Reply
#16
(2014-10-31, 08:59 AM)StefanT Wrote: It would at least log you out

  • after 24 hours (as sessions are only kept for that time)
  • whenever your IP changes
It wouldn't store sessions as it does now, i.e. for tracking online visitors only. The stats sections would pull their information basing on timestamps as auth sessions (assigned to a user, which keeps you logged in) are meant to stay there as long as it is possible to stay logged in after submitting a single login form (even a year). The whole point is to keep track of active loginkeys on the server so they could be managed, and to make them only temporary.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#17
Why can't we just update the loginkey every time the user logs in? If you did not want your users being able to use multiple devices (what if someone else is using their account...) wouldn't this be a safe bet and easy? I'll try writing this myself but I could probably use some help xD

MyBB 1.8.7 is critical, most people won't upgrade right away when 2.0 is out, just like how many people still use 1.6.

My only question: would this break anything else?

EDIT: Still no answer? xD
Reply
#18
This thread is almost 2 years old, you're unlikely to get an answer...
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)