Forum OpenACS Development: Disabling checkbox "Remember login" by default

Thinking about users' behaviour, I noticed it's very common for users to leave their sessions logged in every time they use the website.

Thus, for security purposes, may we leave persistent login unchecked by default in ACS core?

File /packages/acs-subsite/lib/login.tcl, line 153

Best wishes,
I

-- set options_list [list [list [_ acs-subsite.Remember_my_login] "t"]]
++ set options_list [list [list [_ acs-subsite.Remember_my_login] "f"]]
if { $allow_persistent_login_p } {
    ad_form -extend -name login -form {
        {persistent_p:text(checkbox),optional
            {label ""}
            {options $options_list}
        }
    }
}
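
Review bot: on the `++ set options_list` line, "f" replaces the second element of the label/value pair that `{options $options_list}` hands to the `persistent_p` checkbox, so the edit changes the value a ticked box submits rather than the box's initial state. A user who does tick "Remember my login" would then submit `persistent_p` as "f", and nothing in the visible lines handles that case. Consider keeping the option value at "t" and making the box start unchecked through the element's default value instead.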
Posted by Gustaf Neumann on
Your suggestion is to change the default on the checkbox to "f". Well, it is hard to make a choice that best fits everybody's needs. The situation on personal devices (e.g. mobile phones) is also different from other cases.

For the time being, I've added a parameter PersistentLoginDefault to acs-subsite that lets an admin decide the default value, without having to hack the login.tcl file. The parameter setting defaults to the current behavior of OpenACS, so people who are updating and do not want to make changes see no difference.

[1] http://fisheye.openacs.org/changelog/OpenACS?cs=oacs-5-10%3Agustafn%3A20190224075820

Posted by Iuri Sampaio on
Thanks Gustaf,
You're right. A parameter is the best approach, one that better suits people's needs.

Plus, the main goal is well achieved with it. (i.e. avoiding changes directly in the source code)

Best wishes,
I