[Solar-talk] Peristent logins Was: Re-introducing Solar_Session
with adapter support
Rodrigo Moraes
rodrigo.moraes at gmail.com
Tue Mar 4 04:31:24 CST 2008
On Mon, Mar 3, 2008 at 6:26 PM, Antti Holvikari wrote:
> Yes, there is a timeout. A user *must* use his/her auth cookie within
> a specified time-window. It's up to the developer to decide the
> timeout.
ah, you're right. the cookie is renewed, so when accessed within the
time-window, they have their lifetime extended.
> Also, you can decide if you want users to be remembered only once.
> Like a one-time authentication cookie. If you want users to be always
> remembered, then the cookie will be renewed after a successful
> cookie-authentication.
Why this option? i mean, what's the utility of "renewing once" the
authentication?
I'd suggest an option to *always* set a cookie. When "remember me" is
not checked, the auth cookie would have a lifetime of 0, so it expires
when the browser closes. A new cookie would store if "remember me" was
marked, and then when cookies are renewed the adapter knows if they
should have a proper lifetime or just 0.
I think that sessions expiring is too annoying for some kind of sites.
Then, lifetime = 0 is very convenient.
-- rodrigo
More information about the Solar-talk
mailing list