BitAuth User Guide Version 1.0


BitAuth stores roles in the session (encrypted), which means if you are using CodeIgniter's default session settings, roles are stored in a cookie. I can't advise against this strongly enough. You should, at a bare minimum be encrypting the session cookie by enabling sess_encrypt_cookie in config.php. Even better, you should be using database sessions so the information is stored server-side.

Why PHP 5.3+?

As of 5.3.0, crypt_blowfish is integrated into the PHP interpreter, which means PHPass will never fall back to CRYPT_EXT_DES or md5.


Currently, you are limited to 64 roles. This is due to MySQL's limitation of 64 bits when working with bit operations. No more limitations on the number of roles!

What is NOT included?