[ https://jira.codehaus.org/browse/MRM-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=346924#comment-346924 ]
Sascha Vogt commented on MRM-1841:
----------------------------------
Ahh, now I get it.

I thought of something like this:

1. If remember-me is selected, the server generates an auth-token (optionally bound to the IP address of the client)
2. This token is stored in a cookie with the TTL of how long remember-me should work
3. If the session ID is no longer valid or you closed the browser, the frontend authenticates with the token from the cookie and gets a new session
3. a) For LDAP the server would also need to check if the user is still a valid one, so it should search LDAP and check if the account is locked or expired
4. In the UI this is as if you had never logged out.

This is IIRC how it was in Archiva 1.3 and also how most of the other tools / sites do it.

For keeping the user data pre-filled: Every supported browser already has a password manager for that, so there is not much use in implementing that again. And the password manager is usually better protected than a cookie anyway.

> "Remember me" not working
> -------------------------
>
> Key: MRM-1841
> URL: https://jira.codehaus.org/browse/MRM-1841
> Project: Archiva
> Issue Type: Bug
> Affects Versions: 2.0.1
> Reporter: Sascha Vogt
> Assignee: Olivier Lamy
> Fix For: 2.1.0
>
>
> The remember me feature doesn't seem to work. I get logged out quite
> frequently (didn't use a stopwatch, but about 10-15 minutes of inactivity are
> sufficient to log me out)
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
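
Added example, not part of the JIRA comment or of Archiva's code: a minimal Python sketch of the token flow listed in steps 1 to 4 of the comment. The class name, the 14-day TTL, the in-memory store and the `SAMPLE_DIRECTORY` stand-in for the LDAP search are assumptions; storing only a SHA-256 digest of the token and rotating it on each use are additions beyond what the comment describes.

```python
import hashlib
import secrets
import time

REMEMBER_TTL = 14 * 24 * 3600  # assumed cookie lifetime in seconds

# Constructed sample data standing in for the LDAP search of step 3a.
SAMPLE_DIRECTORY = {
    "alice": {"locked": False, "expired": False},
    "bob": {"locked": True, "expired": False},
}

class RememberMeStore:
    """Hypothetical in-memory store of remember-me tokens."""

    def __init__(self, directory_lookup, now=time.time):
        self._tokens = {}  # sha256(token) -> (user, expiry, bound_ip)
        self._lookup = directory_lookup
        self._now = now

    @staticmethod
    def _digest(token):
        # Keep only a digest so a leaked store does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, client_ip=None, expiry=None):
        """Steps 1-2: create the token; the caller sets it as a cookie
        with Max-Age=REMEMBER_TTL plus the Secure and HttpOnly flags."""
        token = secrets.token_urlsafe(32)
        if expiry is None:
            expiry = self._now() + REMEMBER_TTL
        self._tokens[self._digest(token)] = (user, expiry, client_ip)
        return token

    def redeem(self, token, client_ip=None):
        """Step 3: trade a cookie token for a new session, or return None."""
        key = self._digest(token)
        record = self._tokens.get(key)
        if record is None:
            return None
        user, expiry, bound_ip = record
        if bound_ip is not None and bound_ip != client_ip:
            return None  # optional IP binding from step 1
        entry = self._lookup(user)  # step 3a: is the account still valid?
        valid = entry is not None and not entry["locked"] and not entry["expired"]
        del self._tokens[key]  # consumed, expired or revoked: never reusable
        if self._now() >= expiry or not valid:
            return None
        # Rotate: same expiry and binding, fresh value for the cookie.
        cookie = self.issue(user, bound_ip, expiry)
        return {"user": user, "session_id": secrets.token_urlsafe(16), "cookie": cookie}
```
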