Closed ssnukala closed 7 years ago
I submitted a fix, please review and let me know if that works and you can merge it to your branch.
Thanks for pointing out this issue!
I won't merge your proposed fix since I'd rather integrate the expiration of tokens into the storage adapter interface and the authenticator. This is definitely a planned feature for the next version.
Implemented in Version 2.0
Hi, thanks for the code. This works pretty well.
I was testing this out for my application and while testing some use cases I bumped into a potential issue, just want to bring this to your attention and see if this is intended, if not would like to propose a fix.
Here are my steps
Now I am looking to test the auto login so I manipulate the database record a little
But
So the issue here is if the token expiry date is in the past it just keeps the record forever.
So I am thinking the "AND {$this->expiresColumn} > NOW() " should be removed from the WHERE clause and you should check the resulting record to see if it has expired; if it has, then delete the record and return false.
That way we can make sure we don't leave zombie records that will never be deleted.
Please let me know if there is another use case where the "AND {$this->expiresColumn} > NOW() " is applicable.
If you look at the File option, it is just a check to see if the file is there or not, we are not looking into the file to see if it has an expiry date that is before today, but with database records we have that flexibility.
Hope this helps.
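A sketch of the lookup proposed in the post above, added here as an illustration and not taken from the thread or from the project's code: the row is selected without the expiry condition, the expiry is compared in code, and an expired row is deleted before the lookup returns false. The table name, column names, the `findToken` function, the SHA-256 token hashing and the in-memory SQLite database are all assumptions of this example.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
// An in-memory SQLite database keeps the example self-contained.

function findToken(PDO $db, string $credential, string $tokenHash, int $now): bool
{
    // No expiry condition in the WHERE clause: an expired row has to be
    // returned by the query before it can be recognised and removed.
    $stmt = $db->prepare(
        'SELECT expires FROM tokens WHERE credential = ? AND token = ?'
    );
    $stmt->execute([$credential, $tokenHash]);
    $expires = $stmt->fetchColumn();

    if ($expires === false) {
        return false; // no such token for this credential
    }
    if ((int) $expires <= $now) {
        // Expired: delete the stale row, then reject the login attempt.
        $del = $db->prepare(
            'DELETE FROM tokens WHERE credential = ? AND token = ?'
        );
        $del->execute([$credential, $tokenHash]);
        return false;
    }
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tokens (credential TEXT, token TEXT, expires INTEGER)');

$now = 1700000000; // constructed "current time" so the run is deterministic

// Constructed sample rows: one token still valid, one already expired.
// Storing a hash instead of the raw token is an assumption of this sketch.
$ins = $db->prepare('INSERT INTO tokens VALUES (?, ?, ?)');
$ins->execute(['alice', hash('sha256', 'valid-token'), $now + 3600]);
$ins->execute(['bob', hash('sha256', 'stale-token'), $now - 3600]);

var_dump(findToken($db, 'alice', hash('sha256', 'valid-token'), $now));
var_dump(findToken($db, 'bob', hash('sha256', 'stale-token'), $now));

// Number of rows left after both lookups.
echo $db->query('SELECT COUNT(*) FROM tokens')->fetchColumn(), PHP_EOL;
```

This check only removes an expired row when its token is presented again; rows for tokens that are never presented stay until a separate purge such as `DELETE FROM tokens WHERE expires <= ?` is run.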