Feature #30378

Cookie authentication

Added by Adrian Föder over 5 years ago. Updated about 5 years ago.

Status:Closed Start date:2011-09-28
Priority:Could have Due date:
Assigned To:- % Done:


Target version:-
PHP Version: Complexity:
Has patch:No


It would be nice having a proof cookie authentication possibility on board. I did a bit of research and found the following blog entry:


Briefly said, this idea sets a cookie of form

username + ':' + timestamp + ':' + HMAC(username + ':' + timestamp)

Whenever a request arrives having this cookie set and of course matching the hash, the user is considered authenticated.
The most interesting thing is that the cookie is re-set after e.g. 10 minutes, so that hijacking this cookie is limited to a time window of 10 minutes.
Vice versa this means that an expired timestamped cookie is disregarded.

As I need this functionality for my project, I would be delighted to write this; but I think I need some kind of mentor that takes me by the hands, even to discuss some things.

What do you mean?

Related issues

related to TYPO3.Flow - Feature #46063: Implement username password provider with "remember me" p... New 2013-03-06
related to TYPO3.Flow - Feature #56744: stay logged in New 2014-03-11


#1 Updated by Adrian Föder over 5 years ago

  • Assigned To deleted (Adrian Föder)

Sorry, I completely missed the thing; what is described above is a kind of session login handling which FLOW3 supplies anyway.

Well, here I found another article that seems to be very interesting:

#2 Updated by Karsten Dambekalns about 5 years ago

  • Status changed from New to Closed
  • Has patch set to No

Also available in: Atom PDF