Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Preserve 'remember me' choice across 2FA

Browse Source 
Carry the login "remember me" choice through two-factor authentication by storing it in the session. When a user initially logs in, set $_SESSION['pending_remember'] = $remember; after successful 2FA, TwoFactorController checks and clears that flag and invokes a new public wrapper (createRememberTokenPublic) on AuthController to create the persistent remember token. This allows remember-me behavior to be applied only after 2FA completes.
This commit is contained in:
Hosteroid
2026-03-10 23:04:20 +02:00
parent a265a58456
commit 36abf58838
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/Controllers/AuthController.php
View File

@@ -156,6 +156,7 @@ class AuthController extends Controller
$_SESSION['email'] = $user['email'];
$_SESSION['role'] = $user['role'];
$_SESSION['2fa_required'] = true;
$_SESSION['pending_remember'] = $remember;
// Clear any existing session messages before redirecting to 2FA
unset($_SESSION['error']);
@@ -706,6 +707,14 @@ class AuthController extends Controller
}
}
/**
* Public wrapper for creating remember token (used by TwoFactorController after 2FA)
*/
public function createRememberTokenPublic(int $userId): void
{
$this->createRememberToken($userId);
}
/**
* Create remember me token linked to current session
*/

8
app/Controllers/TwoFactorController.php
View File

@@ -276,7 +276,9 @@ class TwoFactorController extends Controller
if ($verified) {
// Clear 2FA requirement and complete login
$pendingRemember = !empty($_SESSION['pending_remember']);
unset($_SESSION['2fa_required']);
unset($_SESSION['pending_remember']);
// Determine which method was used
$method = 'unknown';
@@ -296,6 +298,12 @@ class TwoFactorController extends Controller
'method' => $method
]);
// Handle remember me (carried over from login form)
if ($pendingRemember) {
$authController = new \App\Controllers\AuthController();
$authController->createRememberTokenPublic($userId);
}
// Update last login timestamp
$this->userModel->updateLastLogin($userId);