Closed menno-ll closed 8 months ago
FYI, the plugin is controlled by the IDP session length. This is not related to a cookie.
For as far as i can see, the IDP session length has no influence at all on the length of the WP login cookie that is set here and here.
If i am correct this would in the current state result in Wordpress logging in the user for the current session, with a max time of 2 days. Or am i missing something here? If so, could you please point me to the code handling the IDP session length while logging in the user in WP?
The PR https://github.com/oidc-wp/openid-connect-generic/pull/513 i've created is now finished, hopefully this will clarify what I am trying to accomplish.
Also created PR https://github.com/oidc-wp/openid-connect-generic/pull/514, which sets the wp user cookie expiration to the value of the refresh token expiration.
@menno-ll a release with this work has now been published to the WP.org repository.
Thank you @timnolte, have a good day!
Is your feature request related to a problem? Please describe. For a client we have a news website, with a paywall, stuff like that. Their customers need to login using this openid connection, so they can view the paid content. However, they are logged out everytime they close their browser, or after 2 days. This all will lead to a degraded user experience, and a loss of paid customers.
Describe the solution you'd like A clear and concise description of what you want to happen. I would like this plugin to add the option to enable using rememberme logins, which allows extending the session time. I would also like the plugin to set the WP login cookie expiration to the same length as the IDP session.
Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered. I've tried using the auth_cookie_expiration at this moment in time, however this does not work fully. It only changes the length a cookie is valid, but it will still be invalidated after the browser is closed. For this to be modified, rememberme login needs to be used.
Additional context I will attempt to create a PR for you which includes this feature, which can be enabled using a filter.