This repository has been archived by the owner on Oct 29, 2021. It is now read-only.
'Remember me' login option #118
Labels
Comments
|
Seems like #117 discussed a bit, you'd basically set two cookies and one takes precedence over another. |
|
Thanks for the update. Should have time to look into it over the next few days. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
A common use case is to optionally remember the user beyond the current session i.e. if the user checks the 'Remember me' checkbox on the login page then we set cookieMaxAge to 30 days or similar, otherwise the cookie expires when the browser is closed.
An example implementation would have a 'global' application cookie settings with
cookieMaxAge = Nothingand on each login could setcookieMaxAge = Just $ fromInteger $ 30 * 24 * 60 * 60if the 'remember me' option was set.Currently it seems that subsequent requests will use the 'global' settings and therefore override the max age set on initial authentication. A solution would be that a cookie carries all it's own cookie settings (signed and tamper proof) and recalculates max-age and expires based on current time.
Hope I haven't overlooked anything above.
The text was updated successfully, but these errors were encountered: