Forum OpenACS Development: Re: Remember Me Feature Broken!

Collapse
Posted by Victor Guerra on
In order to avoid discarding the cookie ad_session_id when browser closes, one would need to know weather the user checked, in the login form, the option "remember me". But at the moment of setting the cookie this info is not available.

Therefore we thought about adding to the values list of ad_user_login ( or ad_user_login_secure in case of being under secure connections ) the value of the "remember me" check box with the purpose of querying it when setting the ad_session_id. When user dont want to be remembered then the ad_sesssion_id will be discarded otherwise expiration date is set to whatever value is configured on the SessionTimeout parameter.

In our case we dont allow persistent logins which means that this change will still continue to discard the ad_session_id cookie, so we are on the safe side.
Would this change make sense to you all? I already did this modifications in my local instance and works well.