Better Configuration and Conditional Token Cookie Creation

This release adds more configuration options and simplifies creating token cookies conditionally, such as when a "remember me"-button is checked. The API has slightly changed: CookieTokenComponent::setCookie now takes as parameter the user id, rather than the user entity.

Token Cookie Exposure Minimization Made Optional

The token cookie exposure minimization behavior is now configurable. Minimization requires two redirects at the start of each session: one to the authentication page, and one back. The token cookies are only sent by the browser on the authentication page, thereby minimizing their exposure.

Besides increasing initial site loading times, this may cause compatibility issues with other aspects of the CakePHP application. Therefore, it may be desirable to lose some security over increased usability.

Better Redirects and Routing

Improved redirects and routing implementation. Aimed at CakePHP 3.4, with backwards compatibility for older 3.x versions.

Automatically Generate Token Cookies

Token cookies are now generated automatically. In most cases, it is no longer necessary to manually start the generation of a new token cookie.

Support Custom User Model Configurations

Custom user model configurations (through the fields=>username and userModel parameters) are now supported.

Support Applications Not in the Root Directory

Redirection for cookie authentication now works as expected for applications that are not in the root directory.

Minimize Cookie Exposure

Cookie exposure minimization has been added. Authentication cookies are now only sent once per session. Other improvements include database schema optimizations.

First Release

First release of CookieTokenAuth. Allows long-term login sessions for users using cookies. Sessions are identified by two variables: a random series variable, and a token.