Opened 13 years ago
Last modified 10 years ago
#354 closed defect
Option to stay logged in — at Version 4
| Reported by: | Jef van Schendel | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.5.0 |
| Component: | programming | Keywords: | |
| Cc: | Parent Tickets: |
Description (last modified by )
Users don't stay logged in after leaving a MediaGoblin site. There is no option to stay logged in (via cookies, or whatever the best way to do this is).
Change History (4)
comment:1 by , 13 years ago
comment:2 by , 12 years ago
| Component: | → programming |
|---|---|
| Owner: | set to |
| Status: | accepted → in_progress |
Started working on this.
comment:3 by , 12 years ago
| Owner: | removed |
|---|---|
| Status: | in_progress → review |
This is my solution: branch 354-save-login. Maybe it would be better if you could set the expiry time in the site configuration.
comment:4 by , 12 years ago
| Description: | modified (diff) |
|---|---|
| Status: | review → accepted |
Good idea.
BUT: It wont work fully, I think.
request.session is a new, fresh object for each request, even of the same user/session. Because it is created from the contents of the sent cookie. So the extra .max_age will only be set on the session straight on the login action. So yes, it will affect the cookie that is set at login.
But if the cookie is modified later on by modifying the session, then there wont be any max_age and the cookie will be sent as a session cookie. I don't know, what browsers do, when cookies change from having an expire time to not having one.
If you want to test: Do anything that creates a message at the top. For example post an empty comment.
So the max_age should possibly be put in the session itself, so that it can be used later on again?
The original url for this bug was http://bugs.foocorp.net/issues/707 .