I have used the remember me functionality in my site using the following package : http://www.jasperrooswinkel.com/unexpected-expiration-of-zend_auth-sessions/. It is working fine. But I face a problem that, a deleted user can access accounts just because of stay signed in.
The scenario is as follows:
- User login after setting keep me logged in.
- He leave the system shut down without signing out.
- His account being deleted on that day evening.
- He takes the site on next day morning.
As he had set stay signed in, he gets his session and he could post a story and do what ever in his account without knowing the fact that his account has got deleted on previous day. Also, I have set remember for 14 days.
Any ideas how to solve this issue?
Thanks