Forum OpenACS Development: Re: Remember Me Feature Broken!
Those changes were added by you.
Can you comment on this?
We want to fix this feature without breaking what looks to be a security fix.
Therefore we thought about adding to the values list of ad_user_login ( or ad_user_login_secure in case of being under secure connections ) the value of the "remember me" check box with the purpose of querying it when setting the ad_session_id. When user don't want to be remembered then the ad_sesssion_id will be discarded otherwise expiration date is set to whatever value is configured on the SessionTimeout parameter.
In our case we don't allow persistent logins which means that this change will still continue to discard the ad_session_id cookie, so we are on the safe side.
Would this change make sense to you all? I already did this modifications in my local instance and works well.