The status of a current page visitor is stored in
A unique token is saved as a cookie
when you log in.
A matching token is stored in the database
on a table user_tokens
for your profile on this domain on this device.
If all these tokens match up when you return to the site,
you will be automatically logged in.
Note: You should always click the option
to remove these cookies from any device,
if this device is
not a private device.
Auto-login results in a redirect page load. This has to avoid a continuous loop
where each new page attempts a new login but fails.
disable-auto-login prevents an autologin after a deliberate
logoff, which is often intended to allow users to become guests or login again as another user.
Autologin attempts are also counted to prevent looping.
For this reason the autologin PHP marks the SESSION auto-login-count
After attempting auto login.
When you submit the login form.
( See view form-login onsubmit biscuits-12y/js/biscuits-login.js )
using insert on dup UPDATE
and memberDB->getServerToken looks for the row with the token matching the cookie.
Check index on et_user_tokens allows multiple tokens per user.
Domain http://englishtap.com First check that the domain has been set up with login.
Check config.php and check to see whether $this->login = true;
login currently set to 1
Login has been configured for this domain
Check your configuration settings
You are currently logged in as Guest
When you are not logged in, for example on the first page visit of a session,
the PHP engine adds a JS function to the page ready JS code.
This extracts any saved login cookie and passes it by redirect to
The php engine detects that you have no session variables set
and assumes that you have just arrived.
In this case the engine sets up a JS function to run on document.ready called
These tokens will NOT contain any authentication information
such as passwords or usernames.
But the token will be a unique string that should match a record on the server database.
Note: if this is not a new session.
This process ends here and the previous session continues
Control is redirected to the server PHP via a URL /member/login/SERVER_TOKEN
where the matching to the database is attempted.
Note: This URL /member/login will result in the login form ( view form-login.php) if no token is in the URL
Auto login is based on cookies saved on the visitors computer.
These cookies can optionally save the username and password.
Auto-login only occurs when you visit the first page of a session.
You can clear your session and start a new session by
Every visitor has a SESSION PROFILE
Even guests will have a profile with userid = 1.
If the first page visit finds an empty session profile.
label in the engine.
This shows that the auto-login should be attempted.
( if the SESSION PROFILE exists then no auto-login is requried,
as the user is already logged on or has been assigned as a guest user. )
Add the biscuits-login.js script to the page.
( In the recent versions, all scripts in the /js directory of the application area
are added every time)
Run the js function auto-login()
This will pick up any login cookies and redirect to