Preserve 'remember me' choice across 2FA
Carry the login "remember me" choice through two-factor authentication by storing it in the session. When a user initially logs in, set $_SESSION['pending_remember'] = $remember; after successful 2FA, TwoFactorController checks and clears that flag and invokes a new public wrapper (createRememberTokenPublic) on AuthController to create the persistent remember token. This allows remember-me behavior to be applied only after 2FA completes.
This commit is contained in:
Hosteroid
@@ -276,7 +276,9 @@ class TwoFactorController extends Controller
|
||||
|
||||
if ($verified) {
|
||||
// Clear 2FA requirement and complete login
|
||||
$pendingRemember = !empty($_SESSION['pending_remember']);
|
||||
unset($_SESSION['2fa_required']);
|
||||
unset($_SESSION['pending_remember']);
|
||||
|
||||
// Determine which method was used
|
||||
$method = 'unknown';
|
||||
@@ -296,6 +298,12 @@ class TwoFactorController extends Controller
|
||||
'method' => $method
|
||||
]);
|
||||
|
||||
// Handle remember me (carried over from login form)
|
||||
if ($pendingRemember) {
|
||||
$authController = new \App\Controllers\AuthController();
|
||||
$authController->createRememberTokenPublic($userId);
|
||||
}
|
||||
|
||||
// Update last login timestamp
|
||||
$this->userModel->updateLastLogin($userId);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user