If a user selects a persistent login, a long, random token is generated and stored in the cookie called "elggperm", and a hash of the token is stored in the DB. If the user's PHP session expires, the session boot sequence will try to log the user in via the token in the cookie. Before Elgg 1.9, the token hashes were stored as "code" in the users_entity table. In Elgg 1.9, the token hashes are stored as "code" in the users_remember_me_cookies table, allowing multiple browsers to maintain persistent logins.
PersistentLoginService Class Documentation
Beispiel #1
0
 function testLegacyCookiesAreReplacedInDbCookieAndSession()
 {
     $this->svc = $this->getSvcWithCookie(str_repeat('a', 32));
     $this->dbMock->expects($this->atLeastOnce())->method('deleteData');
     $this->dbMock->expects($this->once())->method('insertData');
     $this->svc->replaceLegacyToken($this->user123);
     $this->assertSame($this->mockToken, $this->lastCookieSet->value);
     $this->assertSame($this->mockToken, $this->session->get('code'));
 }