Allura uses cookie-based auth (potentially could be configured to something different, via the beaker.session.* values in the .ini config file). The cookie defaults to never expiring but I'd like a "remember me" checkbox (that does have an expiration, configurable server-side like 1 year). And if you don't check the checkbox, then the login session only lasts for the browser session.
I don't know if the cookie_expires field can be set dynamically (=True for not remember me, and = num seconds for remember me). Docs don't really talk about it, so I hope SessionMiddleware does have a way to support it.
Closed #605.
je/42cc_7451
So I've learned that by default Chrome and Firefox keep session cookies after closing & reopening a browser. Those can be changed with settings. Still a useful feature for us to add for IE/Safari/other users and those who have changed their Chrome/Firefox settings.
In this implementation, I'm not comfortable with how much of SessionMiddleware.__call__ is copied into RememberLoginSessionMiddleware. There are many lines in there that aren't relevant to allura and things could break easily if beaker is upgraded in the future. It's unfortunate that SessionMiddleware doesn't have a cleaner simpler method for us to override or even monkey-patch. What other options do we have? Is it possible to use the regular SessionMiddleware, and then in our own code after it runs we check login_expires and kill the session? Or if we need to be more low-level, have a new piece of middleware that runs right after SessionMiddleware and changes the cookie headers? Something that's not so intricately coupled to SessionMiddleware internals.
And visually I think the login form would look better if [] Remember Me was aligned with the username/password input boxes and Login button.
I think the approach with new middleware that runs after SessionMiddleware would work best.
Closed #616. Force-pushed
je/42cc_7451
Nice. I added & updated a little bit just to make it more clear what the logic was.
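The approach the thread settles on, a separate middleware wrapped around SessionMiddleware that rewrites only the session cookie's lifetime, shown here as an added example; it is not the code from the je/42cc_7451 branch. The class name, the "allura" cookie name and the meaning of login_expires (True for a browser-session cookie, a timezone-aware datetime for "remember me") are assumptions, and a constructed stand-in app takes the place of Beaker.

```python
from datetime import timezone
from email.utils import format_datetime

SESSION_COOKIE = "allura"  # assumed cookie name (the beaker.session.key setting)


def rewrite_expiry(set_cookie, login_expires):
    """True -> browser-session cookie; aware datetime -> expires at that time."""
    parts = [p.strip() for p in set_cookie.split(";")]
    kept = [p for p in parts
            if p.split("=", 1)[0].lower() not in ("expires", "max-age")]
    if login_expires is not True:
        when = login_expires.astimezone(timezone.utc)
        kept.append("expires=" + format_datetime(when, usegmt=True))
    return "; ".join(kept)


class RememberLoginMiddleware:
    """Hypothetical wrapper placed around the session middleware."""

    def __init__(self, app, environ_key="beaker.session"):
        self.app = app
        self.environ_key = environ_key

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            # Assumed convention: the login code stored login_expires in the session.
            expires = environ.get(self.environ_key, {}).get("login_expires")
            if expires is not None:
                headers = [
                    (k, rewrite_expiry(v, expires))
                    if k.lower() == "set-cookie" and v.startswith(SESSION_COOKIE + "=")
                    else (k, v)
                    for k, v in headers]
            return start_response(status, headers, exc_info)
        return self.app(environ, patched)


def demo(login_expires):
    """Run one request through a constructed stand-in for SessionMiddleware + app."""
    def inner(environ, start_response):
        environ["beaker.session"] = {"login_expires": login_expires}
        start_response("200 OK", [
            ("Set-cookie", "allura=abc123; Max-Age=31536000; Path=/; httponly"),
            ("Set-cookie", "theme=dark; Max-Age=60")])
        return [b"ok"]
    seen = []
    RememberLoginMiddleware(inner)({}, lambda s, h, e=None: seen.extend(h))
    return [v for k, v in seen if k.lower() == "set-cookie"]
```

The cookie lifetime is only a request to the browser, so the server-side check of login_expires raised in the review is still what enforces the limit.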