+1 vote

Is there a way to use PHP sessions on Godot? I did a login system that works, but I want to implement a remember me function or auto login, that could be done trought PHP sessions/cookies or something like that, but requests don't keep these PHP things and I can't find a way to securely save login info on user's pc to use when starting the game, anyone have any idea about this?

Anything that could login without needing to always type login info works.
(I don't want to use Facebook, Google or external logins for now)

in Engine by (38 points)

You could usually do this by storing a file on the user's PC (a real file, like you would do with savegames), it's a simple way to remember logins, no need for PHP, though passwords should be given extra care.

I'd be curious to know what you are connecting to, is it a Godot game server? Is it an HTTP server? (remember Godot isn't a web browser)

I'm using a HTTP server, so for sure Godot don't keep $COOKIE and $SESSION as you mentioned because it isn't a browser (but would be great if it could keep cookies and session stuff like a browser while connecting). The problem with a file on the user's PC is that you could actually move this file to other computer and access someone else's account, I'm trying to avoid this. If only on Desktop there was a PC Unique ID, this could be achieved.

I kinda solved it by adding a database sessions table, when you tap Remember Me, I do a hash of user's email+extra-encrypted password and store at user computer and send it together with a hash of some IP info, and store it together with the userID given by email+pass, so when I try to login, I check the file hash with the email+pass hash from server, together with the user IP info hash, with this, if the user changes it's password, it don't auto log in.

The problem with a file on the user's PC is that you could actually move this file to other computer and access someone else's account

Cookies are just files too, so they would not solve this problem. I guess same for sessions if you save the session ID in a file (there is no other way to make it persistent, apart from remembering IP on server maybe...). In fact, as long as you save a file, moving it to another computer would allow another one to connect to your account (unless something else is sent along with it). But heh, same story with your internet browser. If you don't trust the safety of your filesystem you're doomed anyways^^

If only on Desktop there was a PC Unique ID, this could be achieved.

There is an API for this: http://docs.godotengine.org/en/latest/classes/class_os.html?highlight=get_unique_id#class-os-get-unique-id
But it's not implemented everywhere, if you know how you could contribute.

Yeah I know about that, I think that MAC would be enough, even being able to change it, it's not something one does often, could be useful for Desktop Unique ID, but meh :/

Thanks for the tips too!

Please log in or register to answer this question.

Welcome to Godot Engine Q&A, where you can ask questions and receive answers from other members of the community.

Please make sure to read How to use this Q&A? before posting your first questions.
Social login is currently unavailable. If you've previously logged in with a Facebook or GitHub account, use the I forgot my password link in the login box to set a password for your account. If you still can't access your account, send an email to webmaster@godotengine.org with your username.