New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement the remember me button #5

Closed

ElysaSrc opened this issue Jun 8, 2024 · 1 comment

Assignees

Member

ElysaSrc commented Jun 8, 2024 •

edited

Loading

Without remember me checked:

The refresh token should be signed for 1 day but the cookie containing it should not have any expiration date. Doing so, the browser will drop the session when closed.

With remember me checked:

The refresh token token should be signed for 31 days and the cookie containing it should have the same expiration date.
We should unlog the user if there is no activity from the user.
We should not unlog an user that is active even if the token is coming to an end (grace period).
We should handle the lifecycle within the refresh only, not within all checks.

ElysaSrc assigned Synar and ElysaSrc

ElysaSrc assigned multun and unassigned Synar and ElysaSrc

ElysaSrc changed the title ~~Define what the "Remember me" button should do ? Maybe drop it~~ Implement the remember me button

Contributor

multun commented Jun 18, 2024

Implemented by #35

multun closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment