Setting the cookie domain and path

gbirke / rememberme

A PHP library that implements secure "Remember me" cookies

MIT License

125 stars 30 forks source link

Setting the cookie domain and path #13

Closed alexweissman closed 7 years ago

alexweissman commented 9 years ago

I'm using the example code to create the remember me cookie in my login route (/public/account/login):

// If the user wants to be remembered, create Rememberme cookie
if(!empty($data['rememberme'])) {
    $app->remember_me->createCookie($user->id);
} else {
    $app->remember_me->clearCookie();
}

However, the cookie is now limited in visibility to requests to /public/account/login. How can I set the cookie path here via your API?

gbirke commented 9 years ago

Just put the following line before your code (or on the line after creating the RememberMe object):

$app->remember_me->getCookie()->setPath("/");

Thanks for the question, I'll make it easier to set your own Cookie instance in version 2.

alexweissman commented 9 years ago

Yup, that's what I ended up doing. It would also be good if we could set the cookie name and other parameters in the createCookie method as well.

arvidastrom commented 7 years ago

Also if you change the path and get "saved" by the cookie it will discard previously defined paths. Or as far as I can understand.

What I've done is prior to checking the cookie with (in this example) $app->remember_me->login()

I do this to ensure that the path is still '/' after cookie is renewed.

$cookie = $app->remember_me->getCookie();
$cookie->setPath('/');
$app->remember_me->login();

That way in the authenticator it will create a new cookie with correct values. Obviously this is only happens when $remember_me is declared from multiple places.

gbirke commented 7 years ago

In Version 2.0 the default path for the cookie is now '/'