BoxLang 🚀 A New JVM Dynamic Language Learn More...

Remember Me

v1.0.0 Modules

RememberMe

RememberMe icon

RememberMe is a Coldbox module designed to work in conjunction with your authentication system to "remember" and automatically log in users on subsequent website visits.

Requirements

  • Lucee 5+
  • Adobe ColdFusion 2016+
  • Coldbox 6+
  • Cbauth or your own authentication provider

Installation

Within Commandbox type:

box install rememberMe

Copy over the configuration object below into your /config/Coldbox.cfc moduleSettings section.

rememberMe = {
    userServiceClass = "",
    tokenEncryptKey = "",
    days = 30
}

You will need to specify a userServiceClass that implements the method retrieveUserById(). You will also need to generate a unique encryption key that will be used when generating tokens. Hint: You can generate a valid random key by executing the following code generateSecretKey("AES", 256).

Make sure your CFML datasource has a database table with the following columns (currently tested with MSSQL Server): | column name | type | |-----------------|----------| | id | int | | createdDate | datetime | | modifiedDate | datetime | | userId | int | | selector | varchar(35)| | hashedValidator | varchar(32)| | ipAddress | varchar(45)| | userAgent | varchar(255)| | expirationDate | datetime | | lastUsedDate | datetime |

Usage

RememberMe automatically injects a remember() helper into all Coldbox interceptors. Here's an example of how you might utilize RememberMe on the Coldbox preProcess() interceptor method on an app that uses cbauth for their authentication provider:


function preProcess( event, interceptData, buffer, rc, prc ) {
    
    // if the user is not logged in, and the rememberMe cookie exists, attempt to recall the user
    if ( 
        !auth().isLoggedIn() && // <-- cbAuth method
        remember().cookieExists() 
    ) {
        
        try {
            
            // attempt to recall the user 
            // if successful, returns a user object from your `userServiceClass`
            var user = remember().recallMe();

            // verify the user exists and log them in using cbauth
            if ( user.isLoaded() ) {
                auth().login( user ); // <-- cbAuth method
            }

        // if the token is invalid, forget the user and cleanup bad cookies
        } catch( InvalidToken e ) {
            remember().forgetMe();
        }

    }

Known Issues

Sometimes the first load of an app will throw an error stating that remember cannot be found. I believe this has to do with a "chicken and egg" problem where sometimes every Coldbox dependency is loaded when the first onSessionStart() method executes. I recommend using preProcess() instead of onSessionStart() to avoid this issue for now.

Future Development Roadmap

  • Testbox integration + test-harness setup.
  • Get community feedback for improving the module and documentation.
  • Automatically create table in datasource if missing.
  • Ability to customize the table name based on config.
  • Learn how to implement building/versioning like other Coldbox modules.
  • Utilize some interceptor methods for custom behavior.
  • Add some type of database cleanup operation to purge old records

Change Log

1.0.0

Initial release. Changed the method name for retrieving users to match the interface used by cbauth. We will now use retrieveUserById() instead of getUserById().

$ box install rememberMe

No collaborators yet.
     
  • {{ getFullDate("2021-09-14T20:28:57Z") }}
  • {{ getFullDate("2024-09-20T00:07:44Z") }}
  • 838
  • 55