Remember Token

[darthtaco]

Hi -
First thanks for your work on this. I've attempted to roll my own L5 ldap driver with varying degrees of success and this makes things much simpler.

I have a question regarding the 'remember token'. The LdapAuthUserProvider->retrieveByToken() method has a comment saying "this shouldn't bee needed as user / password is in ldap". However, I still feel there is a need to store a token in the database for when the user wants to automatically be logged in next time. Without storing it somewhere the user will not have the ability to 'remember me'. It seems this would be easy enough, but there may be a reason why it has not been implemented. I want to be sure I am using this the way it was intended and not recreate the wheel.

Any insights would be appreciated. Thanks again for your work on this.

[strebl]

Hi @darthtaco
Sorry for ignoring your question over 20 days... Had not enough time in the last few weeks.

I know what you are trying to achieve. And it would be great. As you know, I forked the package and that's something I didn't change since then. But I think I know why ccovey did that. What if you have an remember me token and the user changes his password? There is no way the application knows when the password was changed.
Maybe we can store the password change time and check that on every login!?