- **status**: code-review --> in-progress - **QA**: Dave Brondsema - **Comment**:
So I've learned that by default [Chrome](http://stackoverflow.com/questions/10617954/chrome-doesnt-delete-session-cookies) and [Firefox](https://bugzilla.mozilla.org/show_bug.cgi?id=443354) keep session cookies after closing & reopening a browser. Those can be changed with [settings](http://dalevisser.wordpress.com/2012/07/18/how-to-fix-firefox-and-chrome-default-of-retaining-session-cookies-insecurely/). Still a useful feature for us to add for IE/Safari/other users and those who have changed their Chrome/Firefox settings. In this implementation, I'm not comfortable with how much of `SessionMiddleware.__call__` is copied into `RememberLoginSessionMiddleware`. There are many lines in there that aren't relevant to allura and things could break easily if beaker is upgraded in the future. It's unfortunate that `SessionMiddleware` doesn't have a cleaner simpler method for us to override or even monkey-patch. What other options do we have? Is it possible to use the regular `SessionMiddleware`, and then in our own code after it runs we check `login_expires` and kill the session? Or if we need to be more low-level, have a new piece of middleware that runs right after `SessionMiddleware` and changes the cookie headers? Something that's not so intricately coupled to `SessionMiddleware` internals. And visually I think the login form would look better if `[] Remember Me` was aligned with the username/password input boxes and Login button. --- ** [tickets:#7451] Remember me option on login** **Status:** in-progress **Milestone:** limbo **Labels:** 42cc **Created:** Mon Jun 09, 2014 05:08 PM UTC by Dave Brondsema **Last Updated:** Fri Jul 18, 2014 08:51 AM UTC **Owner:** nobody Allura uses cookie-based auth (potentially could be configured to something different, via the `beaker.session.*` values in the `.ini` config file). The [cookie defaults to never expiring](http://beaker.readthedocs.org/en/latest/configuration.html#session-options) but I'd like a "remember me" checkbox (that does have an expiration, configurable server-side like 1 year). And if you don't check the checkbox, then the login session only lasts for the browser session. I don't know if the `cookie_expires` field can be set dynamically (=True for not remember me, and = num seconds for remember me). Docs don't really talk about it, so I hope `SessionMiddleware` does have a way to support it. --- Sent from sourceforge.net because [email protected] is subscribed to https://sourceforge.net/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
