Op Friday 22 May 2009 17:11:50 schreef bytte: > Thanks Deanna. I was hoping to gain insight from other people's solutions > as well. Anyone?
I use almost the same method. I set a cookie with the id from Zend_Session::getId(). In the db there is a table with prim. key the session id. Also the user id, ip and browser agent is stored and a bool if the ip should be locked (session only valid from that ip address). At the end I have a ttd (time to die). During login you can set this option (if the session will be valid for 1 day, 1 month, 1 year). Usually Zend_Auth has a session to check the authentication. If no identity is found, check for the cookie and match it with the database. If one found, you could restore the identity. For a password recovery: just send an email with a link to reset the password. The link will be valid for 24 hours so if another person tries to reset your password, you don't need to do anything. -- Jurian Sluiman Soflomo.com
