Banner image


The status of a current page visitor is stored in SESSION. A unique token is saved as a cookie when you log in. A matching token is stored in the database on a table user_tokens for your profile on this domain on this device. If all these tokens match up when you return to the site, you will be automatically logged in.
Note: You should always click the option to remove these cookies from any device, if this device is not a private device.

You are : Guest

1 - Process Steps to Auto Login

Every time you login normally using the login form, the system saves a unique token on the DB and a matching token as a cookie on the device you used to login.
  1. show your login cookies
  2. Login again and return to check that there's a new token
  1. A token is saved every time you log in and you submit the login form, the form's onsubmit javascript biscuits-13v/js/biscuits-login.js
    memberDB->setServerToken using insert on DUPLICATE KEY UPDATE
    Autologin attempts are also counted to prevent looping. For this reason the autologin PHP marks the SESSION auto-login-count After attempting auto login.
    Auto-login results in a redirect page load. This has to avoid a continuous loop where each new page attempts a new login but fails. disable-auto-login prevents an autologin after a deliberate logoff, which is often intended to allow users to become guests or login again as another user.
    To allow users multiple devices, multiple tokens are stored for a single user. Tokens stored for each device and so multiple tokens are saved per user on table et_user_tokens
  2. When you return to the site and load your first page or when you click on the auto-login gateway, a script autoLogin() from biscuits-login.js runs. which also requires biscuits-ajax.js If the cookie token matches the a token on the database, the system will log you on as the user in that row found on the database with the same token as your cookie.

2 - Domain login configuration

Domain http://englishtap.com First check that the domain has been set up with login. Check config.php and check to see whether $this->login = true; login currently set to 0 Login No login configured for this domain

3 - Auto-Login & Login Redirects

You are currently logged in as Guest
When you are not logged in, for example on the first page visit of a session, the PHP engine adds a JS function to the page ready JS code.
function setAutoLogin()
This extracts any saved login cookie and passes it by redirect to http://englishtap.com/member/login/COOKIE_TOKEN_VALUE

4 - Cookie Saving - In javascript

The PHP script ajax-login.php has been DEPRECATED. Cookies are now saved in biscuits-login.js These cookies are matched with the token saved in the database.

5 - profile session checks

The php engine detects that you have no session variables set and assumes that you have just arrived. In this case the engine sets up a JS function to run on document.ready called function autoLogin()
javascript is invoked so that it can make use of any cookie tokens saved on your device.
These tokens will NOT contain any authentication information such as passwords or usernames. But the token will be a unique string that should match a record on the server database.
Note: if this is not a new session. This process ends here and the previous session continues

6 - Token & Cookie token login

Control is redirected to the server PHP via a URL /member/login/SERVER_TOKEN where the matching to the database is attempted. Note: This URL /member/login will result in the login form ( view form-login.php) if no token is in the URL

Auto login is based on cookies saved on the visitors computer. These cookies can optionally save the username and password.

Auto-login only occurs when you visit the first page of a session. You can clear your session and start a new session by Logging off.

Website by Ibiscuits