UX: Longer sessions #1302
Comments
|
I am considering to add a "Remember me" option on the login page, and set the cookie to be valid for 6 months if it is selected. Do you think 6 months is a good idea? I'd like to hear from anyone. |
Passes on whether the user has selected the "remember me" option by setting a cookie, and if so, the jwt cookie set at login is set to be valid for 6 months instead of one week. Related: #1302
|
This (realising a "remember-me" feature with jwt) turns out to be a more complex thing than I originally thought. A simple solution would be similar to what I did last week (#1310). This is also how it is implemented in Artemis. Artemis currently adopts 3-days as the token validity when "remember-me" is not checked at log-in, and 1-month as when checked. A more recommended way is, according to this answer, and as Joscha suggested, to refresh the token before it expires every time the user opens the website. I will try to implement the second way today, but not sure whether this would go smoothly; if not, I don't think I still have time to work on it until 1st March. Wish me luck =w= And I appreciate any comments and suggestions. |
Is your feature request related to a problem? Please describe.
Currently, when I logon to TUMLive, those sessions expire after a week.
On Desktop, this isn't a big of a deal, but on mobile it is really frustrating that I have to relogin every week.
Describe the solution you'd like
Make sessions (much) longer in general (or not expire at all) and/or refresh them when the user uses the site.
I know of no other streaming sites where I have ever had the problem of being logged out.
Frankly, I don't think an applications such as TUMLive warrants such special security measures.
Describe alternatives you've considered
Additional context
I am not sure if there is something you can do about this given that this is probably mostly handled by Shibboleth, but I hope so.
The text was updated successfully, but these errors were encountered: