Remember un/pw feature for login

fossar / selfoss

multipurpose rss reader, live stream, mashup, aggregation web application

https://selfoss.aditu.de

GNU General Public License v3.0

2.38k stars 345 forks source link

Remember un/pw feature for login #174

Closed carlokok closed 11 years ago

carlokok commented 11 years ago

Currently each time I reopen my browser i have to type the un/pw in.

jan-battenfeld commented 11 years ago

Selfoss uses Cookies to remember that you are logged in. Perhaps you have set your browser to delete cookies on close (or entirely)? Can you close and open a selfoss tab without the need to login? Both chromium and firefox remember my login-state after reopening.

carlokok commented 11 years ago

if I close a tab but keep Firefox open, its fine. if I close Firefox all together it forgot.

jan-battenfeld commented 11 years ago

Then you have set "Delete Cookies on Close" or something like that under Preferences > Privacy (Sorry, my Firefox won't let me change the locale for some reason, so I don't know the exact wording). Either

change your Cookie settings
or save your login and password (one more click after each restart)

bytepossum commented 11 years ago

I have the same problem with both Firefox and Android browser. In Firefox settings cookies are accepted (except 3rd-party cookies) and kept until they expire. Under "show cookies" for selfoss I see just one cookie named "PHPSESSID" but it says it expires at end of session.

jan-battenfeld commented 11 years ago

Tested again with Firefox 19 (Almost vanilla: Changed Cookie Settings to exclude 3rd-party) and Chromium 25. The "PHPSESSID" cookie is stored ~20 days, login is remembered. Selfoss is version 2.4 This seems to be a problem with your Browsers. Try creating a new profile and deactivating cookie-related addons.

MentalFS commented 11 years ago

It may also be the server. My standard Debian installation seems to delete sessions that are not used for more than 24 minutes. This means I have to log in again even when my browser wasn't closed, just because I didn't refresh for some time.

I think these values in the server's php.ini should be looked over:

session.cookie_lifetime
session.gc_maxlifetime

It also looks like session.gc_maxlifetime ill be ignored in any other php.ini (for example if you put one in your Selfoss folder).

SSilence commented 11 years ago

You are right, I have set the server session timeout to 24 hours. I removed this from the authentication class. The configured values from php.ini (session.gc_maxlifetime) will be used. The cookie lifetime was also set in a wrong way. I fixed this and now it should work in Firefox and other browsers correct. Thanks for the feedback!