Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Start using the Persistent Login module for extra security/reliability #29

Open
Ambient-Impact opened this issue Jul 11, 2023 · 0 comments
Open

Start using the Persistent Login module for extra security/reliability #29

Ambient-Impact opened this issue Jul 11, 2023 · 0 comments
Labels
enhancement New feature or request security Security improvements

Comments

@Ambient-Impact
Copy link
Member

Ambient-Impact commented Jul 11, 2023
edited

The Persistent Login module:

The Persistent Login module provides a "Remember Me" option on the user login form. Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime.

2.1.0 of the module was released recently with a couple of cookie improvements and fixes (helped along by yours truly) so this should work for us with our current cookie hardening set up.

The remaining blocker is that Persistent Login doesn't seem to work with the TFA module.

There's also an open issue to create a better UX for the logged in sessions and the ability to log out some or all of them that we could help out with in the future.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security Security improvements
Projects
UX improvements
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ambient-Impact