Banner image


The status of a current page visitor is stored in SESSION. A unique token is saved as a cookie when you log in. A matching token is stored in the database on a table user_tokens for your profile on this domain on this device. If all these tokens match up when you return to the site, you will be automatically logged in.
Note: You should always click the option to remove these cookies from any device, if this device is not a private device.

1 - Check Tokens for this device

You are : Guest

Automatic login

To allow users muliple devices, multiple tokens are stored for a single user. Tokens stored for each device and so multiple tokens are saved per user on table et_user_tokens

2 - Controlling Autologin attempts

Auto-login results in a redirect page load. This has to avoid a continuous loop where each new page attempts a new login but fails. disable-auto-login prevents an autologin after a deliberate logoff, which is often intended to allow users to become guests or login again as another user. Autologin attempts are also counted to prevent looping. For this reason the autologin PHP marks the SESSION auto-login-count After attempting auto login.
When you submit the login form. ( See view form-login onsubmit biscuits-12y/js/biscuits-login.js )
memberDB->setServerToken using insert on dup UPDATE and memberDB->getServerToken looks for the row with the token matching the cookie. Check index on et_user_tokens allows multiple tokens per user.

3 Your current username

You are now : Guest

4 - Process

Every time you login using the login form, the system saves a unique token on the DB and a matching token as a cookie on the device you used to login.

5 - Domain login configuration

Domain First check that the domain has been set up with login. Check config.php and check to see whether $this->login = true; login currently set to 1 Login Login has been configured for this domain Check your configuration settings

6 - Auto-Login & Login Redirects

You are currently logged in as Guest
When you are not logged in, for example on the first page visit of a session, the PHP engine adds a JS function to the page ready JS code.
function setAutoLogin()
This extracts any saved login cookie and passes it by redirect to

7 - Cookie Saving - In javascript

The PHP script ajax-login.php has been DEPRECATED. Cookies are now saved in biscuits-login.js These cookies are matched with the token saved in the database.

8 - profile session checks

The php engine detects that you have no session variables set and assumes that you have just arrived. In this case the engine sets up a JS function to run on document.ready called function autoLogin()
javascript is invoked so that it can make use of any cookie tokens saved on your device.
These tokens will NOT contain any authentication information such as passwords or usernames. But the token will be a unique string that should match a record on the server database.
Note: if this is not a new session. This process ends here and the previous session continues

9 - Token & Cookie token login

Control is redirected to the server PHP via a URL /member/login/SERVER_TOKEN where the matching to the database is attempted. Note: This URL /member/login will result in the login form ( view form-login.php) if no token is in the URL

Auto login is based on cookies saved on the visitors computer. These cookies can optionally save the username and password.

Auto-login only occurs when you visit the first page of a session. You can clear your session and start a new session by Logging off.

iBiscuits LOGO

380 memberDB.php INSERT INTO et_page_visits ( vuid,vpage,vreferrer,vtime,vlang,vagent,vbot,vversion,vguest,vip) VALUES ( "1","","Unknown","1534616673","","CCBot/2.0 (","","biscuits-12y","","") ON DUPLICATE KEY UPDATE vuid = "1" ,vpage = "" ,vreferrer = "Unknown" ,vtime = "1534616673" ,vlang = "" ,vagent = "CCBot/2.0 (" ,vbot = "" ,vversion = "biscuits-12y" ,vguest = "" ,vip = ""
538 engine.php getContent help