Sounds nice. Zend_Auth in authenticate() does
$this->getStorage()->write($result->getIdentity()); so, you cannot control what is written in Zend_Auth_Storage, you can only control how it's written.

How did you inject password into play? I think storing md5($email . $pass) in cookie where pass is already encrypted is secure enough.

Maybe a stupid question, but, what is 2-way encryption?

Regards,
Saša Stamenković

On Fri, Mar 26, 2010 at 4:30 PM, Hector Virgen <[email protected]> wrote:

> In one of my apps I stored the user's username and password (using 2-way
> encryption) in their cookie, and only validated it when Zend_Auth reported
> there was no identity (because the session expired, or the browser was
> closed and re-opened). You can add more security by also storing a one-time
> use token that must match in the database. The code to handle this was
> placed in an early-running front controller plugin.
>
> The nice thing about this is you can make the cookie last for 6 months or
> longer, and it will still work.
>
> --
> Hector
>
> On Fri, Mar 26, 2010 at 7:17 AM, Саша Стаменковић <[email protected]> wrote:
>
>> @Jurian Nice idea, but since Zend_Auth stores only identity, I don't think
>> that information is enough to reauthenticate from cookie.
>>
>> @Dmitry Yes, but Zend_Session::rememberMe() sets session expiration time,
>> and session expiration is not per user setting, but per server setting.
>>
>> Regards,
>> Saša Stamenković
>>
>> On Fri, Mar 26, 2010 at 3:10 PM, Jurian Sluiman <[email protected]> wrote:
>>
>>> You could write a Zend_Auth_Storage_Cookie which enables you to place the
>>> authentication in a cookie. Be careful to look at the possible exploits.
>>> Just a plain cookie without server-side validation is not safe. Still, the
>>> storage adapter for auth is the most simple one.
>>> --
>>> Jurian Sluiman
>>> CTO Soflomo V.O.F.
>>> http://soflomo.com
>>>
>>> On Friday 26 Mar 2010 14:50:41 umpirsky wrote:
>>> > I'm thinking, how to implement remember me in cookie zend style. I'm
>>> > using Zend_Auth with Db_Table adapter.
>>> >
>>> > Maybe we can contribute some component for this. I heard that Cake PHP
>>> > already has one.
>>> >
>>> > Regards,
>>> > Saša Stamenković.
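
The one-time token with server-side validation that the thread suggests, written in plain PHP as an added example; it is not code from any of the posters or from Zend Framework. The in-memory `$store` array (a stand-in for a database table) and the function names `issueToken` and `redeemToken` are assumptions made for illustration.

```php
<?php
// Added example: one-time remember-me token validated server-side.
// $store is a constructed in-memory stand-in for a database table keyed
// by selector; issueToken/redeemToken are hypothetical names.

function issueToken(array &$store, int $userId, int $ttl = 15552000): string
{
    // Default TTL is 180 days, roughly the six months mentioned above.
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, never stored
    // Only a hash of the validator is kept, so a leaked table cannot be
    // turned back into working cookies.
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

// Returns [userId, replacementCookieValue] on success, null on failure.
function redeemToken(array &$store, string $cookie): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // one-time use: always consumed
    if ($row['expires'] < time()
        || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;                         // expired, or validator mismatch
    }
    // Rotate: the caller re-authenticates the user and sets the new cookie.
    return [$row['user_id'], issueToken($store, $row['user_id'])];
}

// Constructed demo: first use succeeds, a replay of the same cookie fails,
// and the rotated cookie is accepted.
$store  = [];
$cookie = issueToken($store, 42);
[$userId, $next] = redeemToken($store, $cookie);
var_dump($userId === 42);
var_dump(redeemToken($store, $cookie) === null);
var_dump(redeemToken($store, $next) !== null);
```

In the setup described in the thread, `redeemToken()` would run in the early front controller plugin only when Zend_Auth reports no identity, and the cookie would carry just this token rather than the username and password.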
