Remembering users? #525
Comments
|
This is a valid issue. Thank you for raising it! I'm moving this to the In the meantime, it is possible to simulate a "remember me" feature that will apply to all users by extending the timeouts values (for example by specifying a year as value): https://github.com/FoalTS/foal/blob/master/docs/authentication-and-access-control/session-tokens.md#session-expiration-timeouts |
|
Hello @LoicPoullain, I looked into the docs already, to think about an implementation to this feature. Yet, you can choose to set timouts using this guide in the docs: https://foalts.org/docs/authentication-and-access-control/session-tokens#session-expiration-timeouts So for this feature, in the process of saving the user to the session: Or do you already have another Idea, how to implement such a feature? |
|
Hi @scho-to 👋
This issue is more complex. One way to implement the remember me feature would be simply to increase bother idle and absolute timeouts to a value further in the future. But this involves some security concerns as authentication tokens should have a short lifetime. There is a big study to be done here that involves studying the OWASP recommendations and the state of the art in other web frameworks. |
Although the framework provides authenticating and fetching user from database, it seems to miss
remember mefunctionality. Would be great if there was a built-in way to do this.Laravel provides a layer called
Authfor authenticating user and dealing with its state even permission gates. Again, I am not forcing anybody to follow laravel in every step, but there are proven benefits on their abstraction. Checkout these:https://github.com/laravel/framework/blob/5.8/src/Illuminate/Auth/
https://laravel.com/docs/5.8/authentication#remembering-users
https://laravel.com/docs/4.2/upgrade#upgrade-4.1.26
The text was updated successfully, but these errors were encountered: