CandyShop / gerrit

Automatically exported from code.google.com/p/gerrit
Apache License 2.0

"remember me" not honored #2687

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Affected Version:
2.9-rc1, configured to authenticate via LDAP.

What steps will reproduce the problem?
1. Click 'Sign in', enter username and password, click 'Remember me'
2. On the next day, open Gerrit and click on 'Sign in' again.
3. Observe that 

What is the expected output? What do you see instead?
When enabling 'Remember me', I'd expect that I'm not automatically
signed out after a day.
When I'm signed out because of longer inactivity, I'd expect that the 'Remember 
me' field remembers its previous value.

Original issue reported on code.google.com by Martin.W...@gmail.com on 28 May 2014 at 8:09

GoogleCodeExporter commented 9 years ago
Additionally, when the user selected 'remember me', the username field should 
be prefilled and the focus should be in the password field so that the next 
login does not require so many keystrokes.

From looking at the code, the 'remember me' field only makes the login cookie 
persistent, but does not change the expiry time of 12h.

I suggest the following changes:
 * when 'remember me' is enabled, increase the expiry time to 24h.
 * when 'remember me' is enabled, store a second longer-lived cookie (~1 week),
   with the username as value
 * when 'remember me' is disabled then also delete this cookie
 * when this cookie is present, then prefill the username field,
   put the focus to the password field and also enable the 'remember me' field

Original comment by Martin.W...@gmail.com on 2 Jun 2014 at 7:51

GoogleCodeExporter commented 9 years ago
The expiry time of the web sessions is defined by the maxAge parameter of the 
web_sessions cache in the gerrit.config file [1]. 12h is the default expiry 
time for web sessions. If you want it to be longer, increase it in the 
gerrit.config file.

[1] https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cache

Original comment by edwin.ke...@gmail.com on 2 Jun 2014 at 1:17
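
Added example (not part of the original thread and not Gerrit's code): a simplified JavaScript model of the behaviour described in the comments above, where 'remember me' only makes the cookie persistent while the server-side session cache still expires entries after its maxAge. All class, function and cookie names are hypothetical, and setting the cookie's Max-Age equal to the cache maxAge is an assumption of the sketch.

```javascript
// Simplified model, not Gerrit's implementation. All names are hypothetical.
const crypto = require("node:crypto");

const HOUR = 3600; // seconds

class WebSessionCache {
  // maxAgeSec models the server-side session lifetime (12h default per the thread).
  constructor(maxAgeSec = 12 * HOUR) {
    this.maxAgeSec = maxAgeSec;
    this.entries = new Map(); // token -> { user, createdAt }
  }

  // Creates a session and returns the Set-Cookie header value for it.
  signIn(user, rememberMe, now) {
    const token = crypto.randomBytes(16).toString("hex");
    this.entries.set(token, { user, createdAt: now });
    // Cookie attributes are chosen for this sketch.
    const attrs = [`SESSION=${token}`, "Path=/", "HttpOnly", "Secure"];
    // 'Remember me' only decides whether the browser keeps the cookie
    // across restarts (persistent) or drops it on exit (session cookie).
    if (rememberMe) attrs.push(`Max-Age=${this.maxAgeSec}`);
    return attrs.join("; ");
  }

  // The server decides validity from its own clock, whatever the cookie says.
  lookup(token, now) {
    const entry = this.entries.get(token);
    if (!entry) return null;
    if (now - entry.createdAt >= this.maxAgeSec) {
      this.entries.delete(token); // expired: evict so the token cannot be reused
      return null;
    }
    return entry.user;
  }
}

// Extracts the token from a Set-Cookie value produced by signIn().
function tokenOf(setCookie) {
  return setCookie.split(";")[0].split("=")[1];
}

// Scenario from the report: sign in with 'Remember me', come back a day later.
function nextDayResult(maxAgeSec) {
  const cache = new WebSessionCache(maxAgeSec);
  const cookie = cache.signIn("alice", true, 0); // constructed sample user
  return { cookie, user: cache.lookup(tokenOf(cookie), 24 * HOUR) };
}

console.log(nextDayResult(12 * HOUR).user);     // default maxAge: signed out
console.log(nextDayResult(7 * 24 * HOUR).user); // maxAge raised to one week
```

A longer maxAge also lengthens the window in which a stolen session cookie stays usable, so the value is a trade-off between convenience and exposure.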

GoogleCodeExporter commented 9 years ago
Ah, thanks, I missed that configuration option.

Still I think that the 'remember me' field should do more.
I keep my web browser open for the entire week,
so the change from a per-session to a persistent cookie does not really change 
anything for me...

What do you think about my other proposals?

Original comment by Martin.W...@gmail.com on 2 Jun 2014 at 3:25

GoogleCodeExporter commented 9 years ago
Hi,
I checked logging in with LDAP auth and "Remember me" box checked in recent 
master.
After I signed out and tried to log in again, the username and password were 
pre-filled with the last username and password that I logged in with.
So, it seems the other proposals are already fulfilled.
Can you please let me know if anything else remains from the above suggestions 
that you made?
Thanks.

Original comment by mani.cha...@gmail.com on 26 Jun 2014 at 10:44

GoogleCodeExporter commented 9 years ago
I tested initially by starting the Gerrit site in GWT mode, and then it works as 
expected, i.e. it remembers the username when Remember me is checked, but when I 
started the Gerrit site with daemon, it does not remember the username even when 
Remember me is clicked.
PS: No changes were made in code. The Gerrit site was started from the latest master.

Original comment by mani.cha...@gmail.com on 26 Jun 2014 at 11:42

GoogleCodeExporter commented 9 years ago
I use gerrit in daemon mode and it does not remember the login name.
I'm either still logged in, or I am presented an empty login field.

Original comment by Martin.W...@gmail.com on 26 Jun 2014 at 3:51

GoogleCodeExporter commented 9 years ago
Doesn't seem to work in Chrome but it does work with Firefox and IE. In Chrome, 
once the session is expired you have to retype user and password.

Original comment by yairogen on 9 Feb 2015 at 6:04