TUM-Dev / gocast

TUM's lecture streaming service.
https://live.rbg.tum.de/
MIT License

UX: Longer sessions #1302

Open alexmo1997 opened 5 months ago

alexmo1997 commented 5 months ago

Is your feature request related to a problem? Please describe.

Currently, when I log on to TUMLive, those sessions expire after a week. On desktop, this isn't that big of a deal, but on mobile it is really frustrating that I have to re-login every week.

Describe the solution you'd like

Make sessions (much) longer in general (or not expire at all) and/or refresh them when the user uses the site. I know of no other streaming sites where I have ever had the problem of being logged out. Frankly, I don't think an application such as TUMLive warrants such special security measures.

Describe alternatives you've considered

Additional context

I am not sure if there is something you can do about this given that this is probably mostly handled by Shibboleth, but I hope so.

YiranDuan721 commented 5 months ago

I am considering adding a "Remember me" option on the login page, and setting the cookie to be valid for 6 months if it is selected. Do you think 6 months is a good idea? I'd like to hear from anyone.

YiranDuan721 commented 5 months ago

This (realising a "remember-me" feature with JWT) turns out to be a more complex thing than I originally thought.

A simple solution would be similar to what I did last week (#1310). This is also how it is implemented in Artemis. Artemis currently adopts 3 days as the token validity when "remember-me" is not checked at log-in, and 1 month when it is checked.

A more recommended way is, according to this answer, and as Joscha suggested, to refresh the token before it expires every time the user opens the website.

I will try to implement the second way today, but not sure whether this would go smoothly; if not, I don't think I still have time to work on it until 1st March. Wish me luck =w= And I appreciate any comments and suggestions.
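The second approach from the comment above (renewing the token while the user is active, before it expires), as an added example that is not gocast's code or part of the thread. The lifetimes, the `login` claim and the function names are assumptions, and the hard cap on total session age goes beyond what the thread discusses: without it, a stolen token could be renewed indefinitely.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Assumed policy in seconds (not gocast's values): token lifetime, renewal window, cap since login.
const ttl, renewBelow, maxSession int64 = 7 * 86400, 3 * 86400, 180 * 86400
var b64 = base64.RawURLEncoding

type claims struct {
	Sub   string `json:"sub"`
	Exp   int64  `json:"exp"`
	Login int64  `json:"login"` // hypothetical claim: original login time, unchanged by refresh
}

func seal(key []byte, in string) string { // returns in + "." + HMAC-SHA256(key, in)
	h := hmac.New(sha256.New, key)
	h.Write([]byte(in))
	return in + "." + b64.EncodeToString(h.Sum(nil))
}

func issue(key []byte, c claims) string {
	body, _ := json.Marshal(c)
	return seal(key, b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))+"."+b64.EncodeToString(body))
}

// refresh verifies tok (always as HS256, the header is not trusted) and returns the token to set as the cookie.
func refresh(key []byte, tok string, now time.Time) (string, error) {
	var c claims
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(tok), []byte(seal(key, p[0]+"."+p[1]))) {
		return "", errors.New("bad signature")
	}
	body, _ := b64.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || now.Unix() >= c.Exp {
		return "", errors.New("expired: log in again")
	}
	if c.Exp-now.Unix() > renewBelow || now.Unix()+ttl > c.Login+maxSession {
		return tok, nil // still fresh, or renewal would pass the hard cap: keep the old token
	}
	c.Exp = now.Unix() + ttl
	return issue(key, c), nil
}
```

Called on each authenticated request, `refresh` keeps active users logged in, while an expired token or a session older than the cap still forces a fresh login.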