Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration persistent login (rememberme) #5050

Open
rcubetrac opened this issue Sep 10, 2012 · 6 comments
Open

Integration persistent login (rememberme) #5050

rcubetrac opened this issue Sep 10, 2012 · 6 comments
Labels
C: Core functionality enhancement
Milestone
later

Comments

@rcubetrac
Copy link

Reported by lefoyer on 10 Sep 2012 19:15 UTC as Trac ticket #1488685

I tested the patch for version 0.8.1
Need a translation into languages other than English and Russian.

Migrated-From: http://trac.roundcube.net/ticket/1488685
@rcubetrac
Copy link
Author

Comment by @alecpl on 11 Sep 2012 06:28 UTC

Wouldn't be better to keep it as a plugin? I don't like changes in rcmail and rcube_session. I don't understand the change related to login_autocomplete config. Also do we really need rememberme_session_lifetime setting? It should be automatic.

@rcubetrac
Copy link
Author

Comment by lefoyer on 11 Sep 2012 07:27 UTC

Wouldn't be better to keep it as a plugin?

I think this is the main feature, and it has no place in the plugin.

I don't like changes in rcmail and rcube_session.

You see the best way?

I don't understand the change related to login_autocomplete config.

The default value can be left at 0.
If you work on a public computer, do not need to save your login and password on this computer.

Also do we really need rememberme_session_lifetime setting? It should be automatic.

session_lifetime used to work on a public computer, rememberme_session_lifetime used to work on a personal computer.
For example:
session_lifetime = 5 (minutes);
rememberme_session_lifetime = 30 (days),
if you put a checkbox rememeberme then, depending on the settings login_autocomplete,
the Web browser will save the username, password, host, and lifetime will be equal to 30 days.
Otherwise, the browser will not store the username, password, host, and lifetime will be 5 minutes.

@rcubetrac rcubetrac added this to the later milestone Mar 20, 2016
@Offerel
Copy link

Offerel commented Feb 21, 2018

This request is from 2012, are there any plans when this could be in release?

mkllnk referenced this issue Mar 31, 2018
@alecpl
Fix issue caused by non-default session.cookie_lifetime setting (#5961)
1bb9797
@mkllnk
Copy link
Contributor

mkllnk commented Mar 31, 2018

There is still an issue that sessions do not survive browser restarts.

A recent commit to solve this problem does not work as intended, I guess:

roundcubemail/program/lib/Roundcube/rcube.php

Lines 518 to 519 in 1bb9797

// set session cookie lifetime so it never expires (#5961)
ini_set('session.cookie_lifetime', 0);

One option is the "remember me" checkbox as discussed here. The other option is to adjust the session cookie lifetime to RC's session_lifetime and let people use the Logout button when they want to.

@mkllnk
Copy link
Contributor

mkllnk commented Mar 31, 2018

This is may not be for everyone, but here is what I changed to extend the sessions:

---
 program/lib/Roundcube/rcube.php         | 4 +++-
 program/lib/Roundcube/rcube_session.php | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 2b9e3bd..f21de96 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -516,7 +516,9 @@ class rcube
         }

         // set session cookie lifetime so it never expires (#5961)
-        ini_set('session.cookie_lifetime', 0);
+        //ini_set('session.cookie_lifetime', 0);
+        // set cookie lifetime to one month
+        ini_set('session.cookie_lifetime', 60 * 60 * 24 * 30);
         ini_set('session.cookie_secure', $is_secure);
         ini_set('session.name', $sess_name ?: 'roundcube_sessid');
         ini_set('session.use_cookies', 1);
diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php
index 9fc564f..bb56f3d 100644
--- a/program/lib/Roundcube/rcube_session.php
+++ b/program/lib/Roundcube/rcube_session.php
@@ -655,7 +655,10 @@ abstract class rcube_session
     public function set_auth_cookie()
     {
         $this->cookie = $this->_mkcookie($this->now);
-        rcube_utils::setcookie($this->cookiename, $this->cookie, 0);
+        //rcube_utils::setcookie($this->cookiename, $this->cookie, 0);
+        // set cookie lifetime to one month
+        $timestamp_in_one_month = time() + 60 * 60 * 24 * 30;
+        rcube_utils::setcookie($this->cookiename, $this->cookie, $timestamp_in_one_month);
         $_COOKIE[$this->cookiename] = $this->cookie;
     }

--

It extends the cookie lifetime to one month. I also set $config['session_lifetime'] to two days. So if people use Roundcube every day, they stay logged in for a month. If they are not using it for more than two days, they have to log in again.

Of course, it would be much nicer to configure this somewhere.

@emtiu
Copy link

emtiu commented May 17, 2020

I just ran into this same issue. It really would be nice to have some core functionality allowing persistent logins (i.e. long-lived session cookies).

@emtiu emtiu mentioned this issue Nov 4, 2020
Open
@ghost ghost mentioned this issue Jan 31, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: Core functionality enhancement
Projects
None yet
Milestone
later
Development

No branches or pull requests
4 participants
@emtiu @mkllnk @Offerel @rcubetrac