Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67066

"Keep me logged in" option on login page,

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • Future Dev
    • None
    • Authentication

    Description

      This is split off from MDL-65812

      We should be looking to extend the session timeout, perhaps with a "Keep me logged in", or "Remember me" checkbox at login.

      This has been requested many times in duplicate trackers but it's often been confused with 'Remember me' which was interpreted as only the username when lots of people really meant the full session.

      We need an admin setting for how long you should be remembered for, eg 1 month or 3 months. This is a maximum session length and should be treated differently to a session timeout. There is quite a few touch points.

       From a security perspective long lived sessions are ok as long as you have the ability to re-authenticate when you need to do something for sensitive so I think this should be dependent on MDL-66172 (and why I didn't do it as part of MDL-65812)

       Examples in the wild:

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              brendanheywood Brendan Heywood
              David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: