Closed cll0ud closed 4 years ago
alexedwards
commented
5 years ago At the moment this isn't possible. The Cookie.Persist setting applies to all sessions, not just the currently active request. So yes -- other users would be affected if you change it.
I'll have a think about how to solve this.
eduardhasanaj
commented
4 years ago Hi @alexedwards This feature is a requirement for me. Your package helped me to implement the exchange of session key in a custom header. Is there any workaround to this problem? If I have a list of session keys, can I use a timer to destroy them? So I create a blank context then Inject session token?
alexedwards
commented
4 years ago I think that this issue can be expanded to cover discussion of how we handle overriding any setting on a per-session basis. I can see the potential usefulness of being able to change the session Lifetime, IdleTimeout, Persist and even SameSite setting on individual sessions.
I would rather that we develop a sensible mechanism for handling all of those, rather than only dealing with the Persist setting.
I've opened issue #85 to track that.
I'd like to give the users of my application the option to persist their session (the infamous "Remember me" checkbox) but I'm not sure how I should proceed.
Can I just change the Cookie.Persist when the user logs in? Should I save that option in their context to pass it again when I fire up RenewToken()? If I change the persist option, is it possible that other users will be affected?
Btw thank you for scs!