[JIRA] Commented: (NXP-7235) Provide a "Stay connected / Remember me" feature on login page

Tue, 19 Jul 2011 08:15:00 -0700 

    [ 
https://jira.nuxeo.com/browse/NXP-7235?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=98800#comment-98800
 ] 

Thierry Delprat commented on NXP-7235:
--------------------------------------

NB : we can use a simple SQL Directory on the server side for storing tokens
NB2 : if we do it like that (i.e. not storing password in the cookie), this 
could become a built-in feature

> Provide a "Stay connected / Remember me" feature on login page
> --------------------------------------------------------------
>
>                 Key: NXP-7235
>                 URL: https://jira.nuxeo.com/browse/NXP-7235
>             Project: Nuxeo Enterprise Platform
>          Issue Type: New Feature
>    Affects Versions: 5.4.2
>            Reporter: Bilbo Ima
>         Attachments: auth-contrib.xml, ImaFormAuthenticator.java, login.jsp
>
>
> The aim of this feature is to stay connected, even if the user closes her 
> browser: a checkbox "Stay connected/Remember me" will be added on the login 
> page
> This contribution contains:
> * a class {{ImaFormAuthenticator}} that extends {{FormAuthenticator}} and 
> implements NuxeoAuthenticationPluginLogoutExtension
> * a configuration file {{/OSGI-INF/auth-contrib.xml}} (with a dependency on 
> org.nuxeo.ecm.platform.ui.web.auth.defaultConfig)
> * a custom login page {{nuxeo.war/login.jsp}} based on the standard 
> {{login.jsp}} and add a checkbox "Remember me" (need to fill 
> messages_XX.properties for each language)
> The declaration of {{ImaFormAuthenticator}} in {{/OSGI-INF/auth-contrib.xml}} 
> uses the parameters from {{FormAuthenticator}}, LoginPage, UsernameKey, 
> PasswordKey, and adds some new ones:
> - RemembermeKey: name of the checkbox "Remember me" in the login page
> - AuthCookieName: name of the cookie 
> - AuthCookieDuration: cookie duration
> - AuthCookieDurationRefresh: 
>  ** true to extend cookie duration every time a page is loaded
>  ** false otherwise, in that case the cookie will expire if there is no 
> reconnection
> Caution:
> * username and password are encoded (not crypted) in the cookie (encoding of 
> {{UserIdentificationInfo}} object with {{org.nuxeo.common.utils.Base64}})
> * the cookie is independant of the IP address of the client (the user will 
> stay connected even if she changes of wireless network with her notebook, but 
> this mechanism exposes itself to cookie theft)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets

Reply via email to