Banner image
Content / help / login-auto .. concise-view << previous next >>


A unique token is saved as a cookie when you log in. A matching token is stored on a table user_tokens for your profile on this domain on this device. If all these tokens match up when you return to the site, you will be automatically logged in.
Note: You should always click the option to remove these cookies from any device, if this device is not a private device.


Domain login configuration

First check that the domain has been set up with login. Check config.php and check to see whether $this->login = true;
  1. Domain
  2. Login Login has been configured for this domain
  3. Check your configuration settings

Every time you login using the login form, the system saves a unique token on the DB and a matching token as a cookie on the device you used to login.

Auto-Login & Login Redirects

When you are not logged in, for example on the first page visit of a session, the PHP engine adds a JS function to the page ready JS code.
function setAutoLogin()
This extracts any saved login cookie and passes it by redirect to

Cookie Saving - In javascript

The PHP script ajax-login.php has been DEPRECATED. Cookies are now saved in biscuits-login.js These cookies are matched with the token saved in the database.
  1. The php engine detects that you have no session variables set and assumes that you have just arrived. In this case the engine sets up a JS function to run on document.ready called function autoLogin()
    javascript is invoked so that it can make use of any cookie tokens saved on your device.
    These tokens will NOT contain any authentication information such as passwords or usernames. But the token will be a unique string that should match a record on the server database.
    Note: if this is not a new session. This process ends here and the previous session continues
  2. Control is redirected to the server PHP via a URL /member/login/SERVER_TOKEN where the matching to the database is attempted. Note: This URL /member/login will result in the login form ( view form-login.php) if no token is in the URL
  3. The tokens are checked ENGINE->memberDB->loginAttempt($username, $password, $token); checks the tokens that were previously created by ENGINE->memberDB->createServerToken() (This only generated a unique token string )
    ENGINE->memberDB->setServerToken() saves the generated token to the DB

Your current username

You are now :
You can log in :
  1. Using the Login Form
You should logoff first
The cookie is updated with a new token value every time you submit the login form. js loginSaveCookies()
A fault was discovered with this token cookie. If you login on another device, the new token will match this new device but the old device will still have a cookie that no longer matches your server_token.

A successful auto-login will take you to a recent page and show your username at the top of the page.

Auto login is based on cookies saved on the visitors computer. These cookies can optionally save the username and password.

Auto-login only occurs when you visit the first page of a session. You can clear your session and start a new session by Logging off.

  • Every visitor has a SESSION PROFILE
    Even guests will have a profile with userid = 1.
  • If the first page visit finds an empty session profile. see this->sessionStart(); label in the engine. This shows that the auto-login should be attempted.
    ( if the SESSION PROFILE exists then no auto-login is requried, as the user is already logged on or has been assigned as a guest user. )
  • Add the biscuits-login.js script to the page.
    ( In the recent versions, all scripts in the /js directory of the application area are added every time)
  • Run the js function auto-login()
    This will pick up any login cookies and redirect to /member/login/
Website by Ibiscuits