#7451 Remember me option on login

v1.2.0
closed
nobody
42cc (432)
General
2015-08-20
2014-06-09
No

Allura uses cookie-based auth (potentially could be configured to something different, via the beaker.session.* values in the .ini config file). The cookie defaults to never expiring but I'd like a "remember me" checkbox (that does have an expiration, configurable server-side like 1 year). And if you don't check the checkbox, then the login session only lasts for the browser session.

I don't know if the cookie_expires field can be set dynamically (=True for not remember me, and = num seconds for remember me). Docs don't really talk about it, so I hope SessionMiddleware does have a way to support it.

Discussion

  • Igor Bondarenko - 2014-07-18
    • status: in-progress --> code-review
     
  • Igor Bondarenko - 2014-07-18

    Closed #605. je/42cc_7451

     
  • Dave Brondsema - 2014-07-21

    So I've learned that by default Chrome and Firefox keep session cookies after closing & reopening a browser. Those can be changed with settings. Still a useful feature for us to add for IE/Safari/other users and those who have changed their Chrome/Firefox settings.

    In this implementation, I'm not comfortable with how much of SessionMiddleware.__call__ is copied into RememberLoginSessionMiddleware. There are many lines in there that aren't relevant to allura and things could break easily if beaker is upgraded in the future. It's unfortunate that SessionMiddleware doesn't have a cleaner simpler method for us to override or even monkey-patch. What other options do we have? Is it possible to use the regular SessionMiddleware, and then in our own code after it runs we check login_expires and kill the session? Or if we need to be more low-level, have a new piece of middleware that runs right after SessionMiddleware and changes the cookie headers? Something that's not so intricately coupled to SessionMiddleware internals.

    And visually I think the login form would look better if [] Remember Me was aligned with the username/password input boxes and Login button.

     
  • Dave Brondsema - 2014-07-21
    • status: code-review --> in-progress
    • QA: Dave Brondsema
     
  • Igor Bondarenko - 2014-07-22

    I think the approach with a new middleware that runs after SessionMiddleware would work best.

     
  • Igor Bondarenko - 2014-07-25

    Closed #616. Force-pushed je/42cc_7451

     
  • Igor Bondarenko - 2014-07-25
    • status: in-progress --> code-review
     
  • Dave Brondsema - 2014-07-25
    • status: code-review --> closed
    • Milestone: limbo --> forge-jul-25
     
  • Dave Brondsema - 2014-07-25

    Nice. I added & updated a little bit just to make it more clear what the logic was.

     
  • Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0
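
The design the thread settles on, a separate WSGI layer that adjusts the session cookie after SessionMiddleware has set it and that is not coupled to Beaker internals, shown here as an added example; it is not Allura's code. Assumptions: the cookie name `session_id`, the encoding of `login_expires` (True for a browser-session login, an epoch timestamp for "remember me"), the `beaker.session` environ key, and all function and class names.

```python
import time
from email.utils import formatdate

SESSION_ENV_KEY = "beaker.session"  # assumed: Beaker's default environ key
COOKIE_NAME = "session_id"          # constructed name for this example

def rewrite_expiry(set_cookie, login_expires):
    """Force the cookie lifetime: True -> browser session, number -> epoch expiry."""
    parts = [p.strip() for p in set_cookie.split(";")]
    kept = [p for p in parts
            if p.split("=", 1)[0].lower() not in ("expires", "max-age")]
    if login_expires is not True:
        kept.append("Expires=" + formatdate(login_expires, usegmt=True))
    return "; ".join(kept)

def login_expired(session, now=None):
    """Server-side check; the cookie's Expires is only enforced by the client."""
    exp = session.get("login_expires")
    if exp is None or exp is True:
        return False
    return (time.time() if now is None else now) >= exp

class RememberLoginMiddleware:
    """Wraps the session middleware and rewrites only the session cookie."""
    def __init__(self, app, cookie_name=COOKIE_NAME):
        self.app = app
        self.prefix = cookie_name + "="

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            # The inner session middleware has stored the session in environ by now.
            session = environ.get(SESSION_ENV_KEY) or {}
            exp = session.get("login_expires")
            if exp is not None:
                headers = [(k, rewrite_expiry(v, exp))
                           if k.lower() == "set-cookie" and v.startswith(self.prefix)
                           else (k, v) for k, v in headers]
            return start_response(status, headers, exc_info)
        return self.app(environ, patched)

def demo(login_expires):
    """Run a constructed inner app standing in for SessionMiddleware plus the site."""
    def inner(environ, start_response):
        environ[SESSION_ENV_KEY] = {"login_expires": login_expires}
        start_response("200 OK", [("Set-Cookie", COOKIE_NAME + "=abc123; Path=/; HttpOnly")])
        return [b"ok"]
    sent = {}
    RememberLoginMiddleware(inner)({}, lambda s, h, e=None: sent.update(h))
    return sent["Set-Cookie"]
```

`login_expired` is the piece that has to run on every authenticated request: a client can keep presenting a cookie past its `Expires` date, so the stored timestamp is what ends the login.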
     
