Question

I'm using client sessions, with {Sessions}{ExpireAfter} set to 21600, but I have to login every browser session. I checked the cookie "TWIKISID" properties and it said it was set to expire with the browser session. I'm using Twiki::Client::TemplateLogin and am having no other authentication-related issues. I have only the default plugins installed and enabled.

Environment

-- BryceSchober - 06 Sep 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

ping? Does no one else have this problem? How could I help to debug it?

-- BryceSchober - 09 Oct 2006

I don't think TWiki supports having authentication survive between browser sessions. - Though it is an interesting thought

Perhaps raise a discussion in Codev?

-- SteffenPoulsen - 10 Oct 2006

Argh! I figured that was the whole point of using cookies to begin with...

-- BryceSchober - 11 Oct 2006

I just read TWikiUserAuthentication again and it says:

"Once a user is logged on, they are remembered using a "session id" stored in a cookie in the browser (or by other less elegant means if the user has disabled cookies). This avoids them having to log on again and again."

That really leads me to believe that the Twiki session is intended to be preserved over client browser sessions. Is that really not what is intended?

-- BryceSchober - 11 Oct 2006

Really, it's not what was intended. The reason for the cookie is to remember the user between requests to the same server, within a single browser session. It's not rocket science how it does it, though. If you want to switch it so it remembers you between sessions, then edit the relevant parameters to CGI:Cookie->new in the modifyHeader and redirectCgiQuery functions in lib/TWiki/Client.pm. I think all you need to do is specify an expiration date e.g. -expires=>'+1d' to expire in a day hence.

-- CrawfordCurrie - 11 Oct 2006

I've created the feature request RememberCookieLogin to try to get this functionality into the login form.

-- BryceSchober - 12 Oct 2006

This could be done using the attached file https://twiki.org/p/pub/Support/AuthCookiesExpireEarly/remember.diff. Copy this file to your twiki directory. Then run patch -Np1 < remember.diff. That will add a "remember me" option to the login form and will keep track of remembered sessions for a year.

-- ChadParry - 05 Dec 2006

Good idea to add the checkbox. I have incorporated the patch for login.pattern.tmpl in SVN.

-- ArthurClemens - 06 Dec 2006

If what is documented is "really not what was intended", I see you have two options: 1) change the documentation, or 2) change the features to fit the documentation. As far as I can tell we still have the worst of both worlds - an feature that does not do what the documentation suggests it does...

-- EricWoods - 30 Jan 2007