Skip to content
This repository has been archived by the owner on Jul 24, 2021. It is now read-only.

[PATCH]automatic logon to OSM site #1030

Closed
openstreetmap-trac opened this issue Jul 23, 2021 · 9 comments
Closed

[PATCH]automatic logon to OSM site #1030

openstreetmap-trac opened this issue Jul 23, 2021 · 9 comments

Comments

@openstreetmap-trac
Copy link

Reporter: paul[at]wilsononline.id.au
[Submitted to the original trac issue database at 8.09pm, Thursday, 10th July 2008]

could we allow automatic logon to the OSM website..
presumably the site could just use the current cookies and the userids profile page just needs to be updated to give user an option to logon automatically.

@openstreetmap-trac
Copy link
Author

Author: chippy
[Added to the original trac issue at 6.56pm, Friday, 27th February 2009]

The above remember_me.patch (rails_port_branches/api06/) allows a user to log onto the website via setting a cookie. On login page, a checkbox is added labelled "remember me", If this is checked, the user logins and later closed the browser, closing the session, the user can login later automatically using the cookie.
Clicking "logout" deletes that cookie value, and the user has to log in manually as before.
Default cookie remember time is 2 weeks.

@openstreetmap-trac
Copy link
Author

Author: paul[at]wilsononline.id.au
[Added to the original trac issue at 10.47pm, Friday, 27th February 2009]

can we make default remember 5 weeks (eg 1 month)

@openstreetmap-trac
Copy link
Author

Author: grand.edgemaster[at]gmail.com
[Added to the original trac issue at 4.58pm, Wednesday, 6th May 2009]

I've just realised a patch had been written, I'd been hitting a brick wall trying to work out how rails handled cookies for weeks in late Feb/March, trying to write this feature, I should have just looked at trac!

@openstreetmap-trac
Copy link
Author

Author: tom[at]compton.nu
[Added to the original trac issue at 11.16pm, Wednesday, 6th May 2009]

It's ridiculously complicated though - all we need to do is set the expiry on the existing cookie surely?

@openstreetmap-trac
Copy link
Author

Author: chippy2005[at]gmail.com
[Added to the original trac issue at 11.45am, Thursday, 7th May 2009]

There could be some simplifications:
The four methods in the User model could be unfactored back into two.
The little check box on the login view could be removed along with a couple of lines in user_controller that deals with it but this would take away the ability for a user not to let the cookie log them in automatically.

@openstreetmap-trac
Copy link
Author

Author: tom[at]compton.nu
[Added to the original trac issue at 11.48am, Thursday, 7th May 2009]

The checkbox is fine, it's all the backend behind it that seems wrong to me.

We already have a browser cookie with a session ID that tells us who the user is, so why do we need a new cookie and new database columns to track that token? Why not just set the expiry on the existing session cookie?

@openstreetmap-trac
Copy link
Author

Author: chippy
[Added to the original trac issue at 1.35pm, Thursday, 7th May 2009]

Mainly because we use sql_session_store to store sessions, and sessions are meant to expire when the browser is closed afaik, so we wouldn't be able to use the session ID, as it no longer exists. We can increase session expiry for this session storage option, but from what I gather, it would affect all users.
So, we need to use something to authenticate a user based on a cookie that hangs around after the browser is closed and session ends, and we need to check to make sure that the cookie matches up with the specified user, the user has set themselves to be remembered, and that the cookie hasn't expired.

@openstreetmap-trac
Copy link
Author

Author: tom[at]compton.nu
[Added to the original trac issue at 1.38pm, Thursday, 7th May 2009]

There is no particular reason why sessions have to expire when the browser is closed - that's just the way it is at present.

Yes I know, from looking at Edgemaster's patch, that there is an issue with there only being a global setting, but that just means we need to do some monkey patching or something ;-) Actually we have sql_session_store in our repo now so we just can just flat out patch it if we want.

@openstreetmap-trac
Copy link
Author

Author: tomhughes
[Added to the original trac issue at 4.50pm, Thursday, 25th February 2010]

(In [20147]) Add a "remember me" box to the login screen that causes you to stay
logged in across browser restarts - you will only be logged out if you
don't visit for a month. Closes #1030.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant