You are here

Home » API reference » Persistent Login 5

README.txt in Persistent Login 5

Same filename and directory in other branches
  1. 6 README.txt
  2. 7 README.txt
Persistent Login module

PREREQUISITES

Drupal 4.7 or 5.0 (be sure to use the correct version)

OVERVIEW

The Persistent Login module provides the familiar "Remember Me" option
in the user login form.

INSTALLATION

1.  Install and activate Persistent Login like every other Drupal module.

2.  For maximum security, edit your settings.php file so PHP session
    cookies have a lifetime of the browser session:

    ini_set('session.cookie_lifetime',  0);

3.  Visit admin >> settings >> persistent_login to set how long
    persistent sessions should last and which pages users cannot
    access without a password-based login.

UPGRADING

Because Persistent Login interacts with the user login process, some
caution is required when upgrading it to a new version.

1.  Log in as Administrator.

2.  Visit administer >> settings and open the Site Maintenance box.
    Select "Off-line" and press Save configuration.  This is so users
    do not receive any error messages before the upgrade is complete.

3.  Install the new Persistent Login module files.

4.  Visit http://yoursite/update.php to update the Persistent Login
    database schema if necessary (you should do this every time you
    upgrade any module).

5.  Return to administer >> settings >> Site Maintenance and put your
    site back online.

NOTE: If update.php shows a version update for Persistent Login, all
currently remembered login sessions for all users may be lost.
Everyone will have to log in again with their username and password.

DESCRIPTION

The Persistent Login module provides the familiar "Remember Me" option in
the user login form.

The module's settings allow the administrator to:

- Control how long user logins are remembered.

- Control which pages a remembered user can or cannot access without
  explicitly logging in with a username and password (e.g. you cannot
  edit your account or change your password with just a persistent
  login).

Each user's 'my account' view tab gives them option of explicitly
clearing all of his/her remembered logins.

Persistent Login is independent of the PHP session settings and is
more secure (and user-friendly) than simply setting a long PHP session
lifetime.  For a detailed discussion of the design and security of
Persistent Login, see "Improved Persistent Login Cookie Best Practice"
<http://www.jaspan.com/improved_persistent_login_cookie_best_practice>.

TO DO

- Define 'allow persistent login' permission so some roles can be
  prevented from using it.
- Allow modules to specify paths that require a full login.  A normal
  hook won't work for this because not all modules are loaded during
  hook_init when Persistent Login makes this decision.


AUTHOR

Barry Jaspan
firstname at lastname dot org

File

README.txt
View source 
  1. 

  2. Persistent Login module

  3. 

  4. PREREQUISITES

  5. 

  6. Drupal 4.7 or 5.0 (be sure to use the correct version)

  7. 

  8. OVERVIEW

  9. 

  10. The Persistent Login module provides the familiar "Remember Me" option

  11. in the user login form.

  12. 

  13. INSTALLATION

  14. 

  15. 1.  Install and activate Persistent Login like every other Drupal module.

  16. 

  17. 2.  For maximum security, edit your settings.php file so PHP session

  18.     cookies have a lifetime of the browser session:

  19. 

  20.     ini_set('session.cookie_lifetime',  0);

  21. 

  22. 3.  Visit admin >> settings >> persistent_login to set how long

  23.     persistent sessions should last and which pages users cannot

  24.     access without a password-based login.

  25. 

  26. UPGRADING

  27. 

  28. Because Persistent Login interacts with the user login process, some

  29. caution is required when upgrading it to a new version.

  30. 

  31. 1.  Log in as Administrator.

  32. 

  33. 2.  Visit administer >> settings and open the Site Maintenance box.

  34.     Select "Off-line" and press Save configuration.  This is so users

  35.     do not receive any error messages before the upgrade is complete.

  36. 

  37. 3.  Install the new Persistent Login module files.

  38. 

  39. 4.  Visit http://yoursite/update.php to update the Persistent Login

  40.     database schema if necessary (you should do this every time you

  41.     upgrade any module).

  42. 

  43. 5.  Return to administer >> settings >> Site Maintenance and put your

  44.     site back online.

  45. 

  46. NOTE: If update.php shows a version update for Persistent Login, all

  47. currently remembered login sessions for all users may be lost.

  48. Everyone will have to log in again with their username and password.

  49. 

  50. DESCRIPTION

  51. 

  52. The Persistent Login module provides the familiar "Remember Me" option in

  53. the user login form.

  54. 

  55. The module's settings allow the administrator to:

  56. 

  57. - Control how long user logins are remembered.

  58. 

  59. - Control which pages a remembered user can or cannot access without

  60.   explicitly logging in with a username and password (e.g. you cannot

  61.   edit your account or change your password with just a persistent

  62.   login).

  63. 

  64. Each user's 'my account' view tab gives them option of explicitly

  65. clearing all of his/her remembered logins.

  66. 

  67. Persistent Login is independent of the PHP session settings and is

  68. more secure (and user-friendly) than simply setting a long PHP session

  69. lifetime.  For a detailed discussion of the design and security of

  70. Persistent Login, see "Improved Persistent Login Cookie Best Practice"

  71. .

  72. 

  73. TO DO

  74. 

  75. - Define 'allow persistent login' permission so some roles can be

  76.   prevented from using it.

  77. - Allow modules to specify paths that require a full login.  A normal

  78.   hook won't work for this because not all modules are loaded during

  79.   hook_init when Persistent Login makes this decision.

  80. 

  81. 

  82. AUTHOR

  83. 

  84. Barry Jaspan

  85. firstname at lastname dot org