Hi all,
Would it be possible to increase the time until a user is logged out after he/she successfully authenticated? It's quite nasty to type in the credentials several times a day (currently it's 3 hours IIRC).
3-7 days would be a good time frame IMHO.
Thanks and best, Max
PS: I'm not on the list so please keep me in Cc.
On Wed, Jun 14, 2017 at 09:26:32AM +0000, Max Mehl wrote:
Would it be possible to increase the time until a user is logged out after he/she successfully authenticated? It's quite nasty to type in the credentials several times a day (currently it's 3 hours IIRC).
3-7 days would be a good time frame IMHO.
In contemporary web services it is customary to provide at least two cookies with a login. One session cookie with a short timeout, and one long-lived login-cookie that is valid for days or weeks. The session cookie retains the session, while the login cookie allows to easily open a new one.
This seems to be the common method of providing long-term logins. I am however not familiar with the security considerations that lead up this routine.
Unfortunately moin does only support session cookies. Without further reading I would be reluctant to make the session cookie so lasting.
I would rather consider a time-frame of maybe 12 hours, which should still bring you over the workday. Maybe we could do something with OpenID to reproduce the dual approach, but I have no distinct idea yet, how this would work exactly.
Thanks for your reply, interesting to read.
# Paul Hänsch [2017-06-14 12:17 +0200]:
Unfortunately moin does only support session cookies. Without further reading I would be reluctant to make the session cookie so lasting.
I would rather consider a time-frame of maybe 12 hours, which should still bring you over the workday.
Okay, at least this would be a first improvement. But I'd love to have a longer login period in the long run.
Best, Max
On Wed, Jun 14, 2017 at 01:18:04PM +0000, Max Mehl wrote:
I would rather consider a time-frame of maybe 12 hours, which should still bring you over the workday.
Okay, at least this would be a first improvement. But I'd love to have a longer login period in the long run.
I set it to 12 hours. Incidentally this is fits the example used in the Moin documentation. It also seems that Moin is indeed able to provide a login cookie (next to the session cookie). The reason this is not offered in the login form, might be related to the fact, that we are using ldap logins, not native MoinMoin logins.
However, in your user settings, under Preferences you can find a checkbox named "Remember login information". This could be what you are looking for.
If you want to try this out, please let us know if it works.
# Paul Hänsch [2017-06-14 16:25 +0200]:
I set it to 12 hours. Incidentally this is fits the example used in the Moin documentation. It also seems that Moin is indeed able to provide a login cookie (next to the session cookie). The reason this is not offered in the login form, might be related to the fact, that we are using ldap logins, not native MoinMoin logins.
Thanks a lot, Paul!
However, in your user settings, under Preferences you can find a checkbox named "Remember login information". This could be what you are looking for.
If you want to try this out, please let us know if it works.
I'll do so and report back if I don't forget it.
Best, Max