Accounts package loginExpirationInDays option not working

[bradvogel]

_5 Upvotes_ According to the docs at http://docs.meteor.com/#/full/accounts_config, the code:

Accounts.config({
    loginExpirationInDays: null
});

should disable login token expiration. However, I'm not sure this is working locally for me. After looking into the code briefly, it looks like line https://github.com/meteor/meteor/blob/master/packages/accounts-base/accounts_common.js#L170 should include check for null explicitly like what is done on the server-side here: https://github.com/meteor/meteor/blob/master/packages/accounts-base/accounts_server.js#L879

Is that a bug?

[bradvogel]

Additionally, it looks like the function https://github.com/meteor/meteor/blob/master/packages/accounts-base/accounts_common.js#L170 is called synchronously when the app boots up, unsetting the login token (using the default loginExpirationInDays value of 90 days), before my Accounts.config() call has even been run. Shouldn't this be on a defer to wait for Accounts.config() to be called?

[bradvogel]

Also filed https://forums.meteor.com/t/anyone-using-the-loginexpirationindays-null-accounts-option-to-disable-auto-logout/9640

[benjamn]

This looks like a real bug that would be worth fixing. Thanks for the report!

[bradvogel]

Ping @benjamn @stubailo . Would be great to fix this :)

[psyfreak]

+1

[svda]

+1

[CTimmerman]

I managed to set the meteor_login_token cookie to end with the browser session, but next start it gets set again from localStorage. If i delete localStorage["Meteor.loginToken"] then the cookie disappears as well and the login is gone.

[khell]

It would be really appreciated if this could be fixed!

[bradvogel]

+1 This is a big issue for us (Mixmax)

[lorensr]

Haha you're keeping an upvote tally @ top? Count me in 😊

[redreamality]

any updates？

[redreamality]

BTW will this plugin work?
https://atmospherejs.com/mbanting/cordova-accounts-resume

[bradvogel]

Bump on this. This is really bad.

[Sivli-Embir]

+1

[leizard]

+1

[Sivli-Embir]

+1 (sorry forgot I had already bumped)

[mattiLeBlanc]

I know it is a slight variation, but it would be nice to configure the expiry in minutes too!
I want the session to expire (financial product) more aggressively and it is very hard to do this right now.

[ntoepker]

temporary bugfix: set services.resume.loginTokens.when in the user object to a future date to achieve that the login doesn't expire

[glasser]

I agree that there is a bug here. One workaround would be to set loginExpirationInDays to a very large number like 365*30 (30 years) rather than null.

[SimonSimCity]

@mattiLeBlanc Please vote for meteor/meteor-feature-requests#119