Cookie or client-based login token ?

causefx / iDashboard-PHP

HTPC Dashboard to load website services, written in PHP

MIT License

124 stars 20 forks source link

Cookie or client-based login token ? #12

Closed krptg closed 8 years ago

krptg commented 8 years ago

Hi,

It seems that on my computer if I don't specifically logout from the dashboard, I can access the password protected tabs from any foreign network. Is the login token stored on a cookie or is it server based ? If so is it possible to set some kind of timeout to be sure that after any idle time my dash will always be password protected ?

causefx commented 8 years ago

Hi @lgromb currently the cookie is stored on the clients browser for 7 days. I'm in the process of adding a few feature and I will be sure to include the ability to change the length of the cookie,

If you would like to modify it yourself, open up settings.php and edit this line:

//Cookies anyone? setcookie("logged", $_POST["password-0"], time() + (86400 * 7), "/");

change the "7"

krptg commented 8 years ago

Hi thanks for the workaround :)

I was just worried that once you login onto the dash somewhere, it stay logged in for anybody from any network. Thanks mate, thanks for the good work and cheers :)

causefx commented 8 years ago

Ah, no worries. I'm glad you like it.