[PATCH]automatic logon to OSM site #1030
Comments
Author: chippy The above remember_me.patch (rails_port_branches/api06/) allows a user to log onto the website via setting a cookie. On login page, a checkbox is added labelled "remember me", If this is checked, the user logins and later closed the browser, closing the session, the user can login later automatically using the cookie. |
Author: paul[at]wilsononline.id.au can we make default remember 5 weeks (eg 1 month) |
Author: grand.edgemaster[at]gmail.com I've just realised a patch had been written, I'd been hitting a brick wall trying to work out how rails handled cookies for weeks in late Feb/March, trying to write this feature, I should have just looked at trac! |
Author: tom[at]compton.nu It's ridiculously complicated though - all we need to do is set the expiry on the existing cookie surely? |
Author: chippy2005[at]gmail.com There could be some simplifications: |
Author: tom[at]compton.nu The checkbox is fine, it's all the backend behind it that seems wrong to me. We already have a browser cookie with a session ID that tells us who the user is, so why do we need a new cookie and new database columns to track that token? Why not just set the expiry on the existing session cookie? |
Author: chippy Mainly because we use sql_session_store to store sessions, and sessions are meant to expire when the browser is closed afaik, so we wouldn't be able to use the session ID, as it no longer exists. We can increase session expiry for this session storage option, but from what I gather, it would affect all users. |
Author: tom[at]compton.nu There is no particular reason why sessions have to expire when the browser is closed - that's just the way it is at present. Yes I know, from looking at Edgemaster's patch, that there is an issue with there only being a global setting, but that just means we need to do some monkey patching or something ;-) Actually we have sql_session_store in our repo now so we just can just flat out patch it if we want. |
Author: tomhughes (In [20147]) Add a "remember me" box to the login screen that causes you to stay |
Reporter: paul[at]wilsononline.id.au
[Submitted to the original trac issue database at 8.09pm, Thursday, 10th July 2008]
could we allow automatic logon to the OSM website..
presumably the site could just use the current cookies and the userids profile page just needs to be updated to give user an option to logon automatically.
The text was updated successfully, but these errors were encountered: