Auto Login System inside Godot

:information_source: Attention Topic was automatically imported from the old Question2Answer platform.
:bust_in_silhouette: Asked By Zeero
:warning: Old Version Published before Godot 3 was released.

Is there a way to use PHP sessions on Godot? I did a login system that works, but I want to implement a remember me function or auto login, that could be done trought PHP sessions/cookies or something like that, but requests don’t keep these PHP things and I can’t find a way to securely save login info on user’s pc to use when starting the game, anyone have any idea about this?

Anything that could login without needing to always type login info works.
(I don’t want to use Facebook, Google or external logins for now)

You could usually do this by storing a file on the user’s PC (a real file, like you would do with savegames), it’s a simple way to remember logins, no need for PHP, though passwords should be given extra care.

I’d be curious to know what you are connecting to, is it a Godot game server? Is it an HTTP server? (remember Godot isn’t a web browser)

Zylann | 2017-11-23 19:37

I’m using a HTTP server, so for sure Godot don’t keep $_COOKIE and $_SESSION as you mentioned because it isn’t a browser (but would be great if it could keep cookies and session stuff like a browser while connecting). The problem with a file on the user’s PC is that you could actually move this file to other computer and access someone else’s account, I’m trying to avoid this. If only on Desktop there was a PC Unique ID, this could be achieved.

I kinda solved it by adding a database sessions table, when you tap Remember Me, I do a hash of user’s email+extra-encrypted password and store at user computer and send it together with a hash of some IP info, and store it together with the userID given by email+pass, so when I try to login, I check the file hash with the email+pass hash from server, together with the user IP info hash, with this, if the user changes it’s password, it don’t auto log in.

Zeero | 2017-11-24 14:26

The problem with a file on the user’s PC is that you could actually move this file to other computer and access someone else’s account

Cookies are just files too, so they would not solve this problem. I guess same for sessions if you save the session ID in a file (there is no other way to make it persistent, apart from remembering IP on server maybe…). In fact, as long as you save a file, moving it to another computer would allow another one to connect to your account (unless something else is sent along with it). But heh, same story with your internet browser. If you don’t trust the safety of your filesystem you’re doomed anyways^^

If only on Desktop there was a PC Unique ID, this could be achieved.

There is an API for this: http://docs.godotengine.org/en/latest/classes/class_os.html?highlight=get_unique_id#class-os-get-unique-id
But it’s not implemented everywhere, if you know how you could contribute.

Zylann | 2017-11-24 18:10

Yeah I know about that, I think that MAC would be enough, even being able to change it, it’s not something one does often, could be useful for Desktop Unique ID, but meh :confused:

Thanks for the tips too!

Zeero | 2017-11-24 19:34