You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "remember me" checkbox is not honored when the Duo Universal plugin is active.
Description
Some investigation into the Duo classes shows that "remember me" is ignored by Duo and therefore results in all users having default session cookies set rather than longer term.
Expected Behavior
Expect that checking "remember me" in the login interface for WordPress would create auth cookies that are - by default - 14 days until expiration.
Actual Behavior
Regardless of "remember me," auth cookies are set to short duration session cookies.
Steps to Reproduce
With Duo active, check the "remember me" checkbox on the WP login screen
Note that rather than the 14 day expiration expected upon successful login, wordpress_login and wordpress_sec cookies are short lived session cookies
Workarounds
My current workaround is to override the pluggable core function wp_set_auth_cookie and force the desired cookie expiration. This isn't ideal for reasons of maintainability over time and I would rather let the user determine if they'd like to have longer sessions or not.
The text was updated successfully, but these errors were encountered:
The "remember me" checkbox is not honored when the Duo Universal plugin is active.
Description
Some investigation into the Duo classes shows that "remember me" is ignored by Duo and therefore results in all users having default session cookies set rather than longer term.
Expected Behavior
Expect that checking "remember me" in the login interface for WordPress would create auth cookies that are - by default - 14 days until expiration.
Actual Behavior
Regardless of "remember me," auth cookies are set to short duration session cookies.
Steps to Reproduce
wordpress_loginandwordpress_seccookies are short lived session cookiesWorkarounds
My current workaround is to override the pluggable core function
wp_set_auth_cookieand force the desired cookie expiration. This isn't ideal for reasons of maintainability over time and I would rather let the user determine if they'd like to have longer sessions or not.The text was updated successfully, but these errors were encountered: