Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Stay logged in" feature #1111

Open
malnvenshorn opened this issue Jun 21, 2019 · 2 comments
Open

"Stay logged in" feature #1111

malnvenshorn opened this issue Jun 21, 2019 · 2 comments

Comments

@malnvenshorn
Copy link

I would like to be able to stay logged in. From #918 and #563 I know that I can prolong the session by modifying session.gc_maxlifetime and session.cookie_lifetime in the PHP config, but I don't think this is the preferable way. I would suggest to add a persistent cookie to identify the user and auto log him in when he revisits the site.
@jtojnar
Copy link
Member

jtojnar commented Jun 21, 2019

I think I would prefer to stop using session cookies altogether, and instead store session tokens inside a localStorage of the web app. That will be more consistent and also tie in with #1045

@malnvenshorn
Copy link
Author

From a security point of view I wouldn't recommend storing tokens inside the localstorage. Every javascript code running under the same domain can access that.

The ticket you mentioned is about read-only permission if I understand it correctly. I don't see how this is related to the use of localstorage.

@jtojnar jtojnar mentioned this issue Sep 13, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jtojnar @malnvenshorn