[daisy] [JIRA] Commented: (DSY-148) Save username password in cookie so user doesn't need to login everytime browser closes

Karel Vervaeke (JIRA) issues at cocoondev.org
Tue Mar 4 10:43:26 CST 2008 

    [ http://issues.cocoondev.org//browse/DSY-148?page=comments#action_13549 ] 

Karel Vervaeke commented on DSY-148:
------------------------------------

Quoting Bruno:
"I don't think it's a good idea to require external authentication schemes to be able to do anything more then checking login/password"

I agree that *requiring* them to do so is bad practice, but if we want remember-me-cookies without resorting to the aforementioned bad practice of storing passwords in potentially reversible form, we *want* some functionality from the authentication service.
In other words, support for remember-me-cookies should be an optional feature by the authentication service.  The authentication service can indicate this by implementing a particular interface.

Now, two obvious approaches remain:
(1) either the authentication services manage the remember-me-cookies (which means each service needs to provide its own implementation)
(2) daisy manages the remember-me-cookies.  Authentication services that implement the additional functionality should be able to answer the question: "could this user log in if he provided the correct password"

The pragmatic solution is (1), the practical solution is (2).  We could provide both solutions, but that seems overkill.
That being said, I agree that (a) the remember-me checkbox should be on the user preference page, not on the login screen and that (b) administrators should be able to specify whether they want to enable this feature (default behaviour = no) and (c) the "persistent login cookie best practice" article is an interesting read, I would base my implementation on it

> Save username password in cookie so user doesn't need to login everytime browser closes
> ---------------------------------------------------------------------------------------
>
>          Key: DSY-148
>          URL: http://issues.cocoondev.org//browse/DSY-148
>      Project: Daisy
>         Type: Improvement
>     Reporter: Min Idzelis
>     Priority: Minor

>
> I am constantly redirected to the login page when I try to access a page that is not allowed for guest access. 
> Although I have this saved in my browser, it is still annoying to have to login repeatedly everytime the browser is restarted. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.cocoondev.org//secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

More information about the daisy mailing list