Page MenuHomePhabricator
Create Task
Maniphest T265263

PluggableAuth does not set the "remember me" flag
Closed, ResolvedPublic
Actions

Description

When logging in with PluggableAuth, the "remember me" flag (aka "Keep me logged in" checkbox) is not set. In most cases it would make sense to set it - it makes logins last longer by detaching them from the session handling of the wiki (and also using a longer cookie lifetime).

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Make RememberMe authentication behavior configurable.mediawiki/coremaster+163 -11
Customize query in gerrit

Related Objects

Event Timeline

Tgr created this task.Oct 12 2020, 9:36 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 12 2020, 9:36 AM
Xxmarijnw subscribed.Oct 13 2020, 1:55 PM
gerritbot added a comment.Feb 22 2021, 5:00 PM

Change 665805 had a related patch set uploaded (by Cicalese; owner: Cicalese):
[mediawiki/core@master] Make RememberMe authentication behavior configurable.

https://gerrit.wikimedia.org/r/665805

gerritbot added a project: Patch-For-Review.Feb 22 2021, 5:00 PM
cicalese subscribed.Feb 22 2021, 5:03 PM

Note the discussion at https://www.mediawiki.org/wiki/Topic:Vq9ay00v0kphuhdd.

cicalese added a comment.Mar 2 2021, 9:35 PM

With respect to the patch, my thought is that environments (like NASA's) where the wiki is only accessible from their enterprise network, their wikis could be configured to ALWAYS_REMEMBER. The default is the current behavior, CHOOSE_REMEMBER, which still allows the login form to be bypassed. For environments where the wikis could be accessed from public networks, it could be set to NEVER_REMEBER, or, if you trust your users, FORCE_CHOOSE_REMEMBER, which would force showing the login form and would allow users to select Remember Me.

gerritbot added a comment.Mar 15 2021, 6:22 AM

Change 665805 merged by jenkins-bot:
[mediawiki/core@master] Make RememberMe authentication behavior configurable.

https://gerrit.wikimedia.org/r/665805

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.35; 2021-03-16).Mar 15 2021, 7:00 AM
Maintenance_bot removed a project: Patch-For-Review.Mar 15 2021, 7:10 AM
CCicalese_WMF closed this task as Resolved.Apr 23 2021, 10:37 PM
CCicalese_WMF claimed this task.
CCicalese_WMF moved this task from Backlog to Closed on the MediaWiki-extensions-Pluggable-Auth board.
cicalese mentioned this in T240982: Remember Me feature.Jun 15 2021, 1:56 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits