New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remember OTP token for hours #56
Comments
Great idea. Google has the option to remember a computer for 30 days. Maybe a feature like that will make it someday into this app as well. Verifying and storing the OTP device is performed by django-otp. See the |
We may need cookie for this ? |
If you're going to override said methods, you could also choose to set an expiry time in the session. However the session should not have a too short expiration time. Otherwise, a signed/encrypted cookie is also a good idea. |
If you have any additional questions, please let me know. |
I have implemented it in following way. I added the checkbox in AuthenticationTokenForm. |
It seems like a solid approach. You could also extend |
Ok i will try this. I will also suggest you to add this feature in master. Very minor change but solid feature. |
if you want i can do this and send you the pull request. |
I would love to have a look at your work! Since I'm looking into implementing this myself, I don't see it in your fork. |
I ended up here as I was trying to figure out how to do this and haven't had any success yet. Was this issue solved in some other way or abandoned as something the implementing developer should handle? If it's the latter, how did you lot do this? |
What do you think about this approach? 1 - Add date column to user_sessions_session called "last_validated" |
I rather not record this in the database, but some ephemeral instead (e.g. signed cookie or django session). I think a cookie would be best in this instance, scoped to the login view's path. |
(scoped to settings.LOGIN_URL). If cookie exists/is valid on the next login, token steps are skipped issue jazzband#56
👍 |
I just started a new attempt. But still WIP #352 |
I want to implement remember otp for few hours 10 hrs. Means on first attempt admin gives userid/password an then give the OTP and for next 10 hrs when admin try to login again then it asks for userid/password only and skip the OTP till the 10 hrs.
Whats the best place to implement this in codebase.
The text was updated successfully, but these errors were encountered: