Page MenuHomePhabricator

PluggableAuth does not set the "remember me" flag
Closed, ResolvedPublic

Description

When logging in with PluggableAuth, the "remember me" flag (aka "Keep me logged in" checkbox) is not set. In most cases it would make sense to set it - it makes logins last longer by detaching them from the session handling of the wiki (and also using a longer cookie lifetime).

Related Objects

Event Timeline

Change 665805 had a related patch set uploaded (by Cicalese; owner: Cicalese):
[mediawiki/core@master] Make RememberMe authentication behavior configurable.

https://gerrit.wikimedia.org/r/665805

With respect to the patch, my thought is that environments (like NASA's) where the wiki is only accessible from their enterprise network, their wikis could be configured to ALWAYS_REMEMBER. The default is the current behavior, CHOOSE_REMEMBER, which still allows the login form to be bypassed. For environments where the wikis could be accessed from public networks, it could be set to NEVER_REMEBER, or, if you trust your users, FORCE_CHOOSE_REMEMBER, which would force showing the login form and would allow users to select Remember Me.

Change 665805 merged by jenkins-bot:
[mediawiki/core@master] Make RememberMe authentication behavior configurable.

https://gerrit.wikimedia.org/r/665805

CCicalese_WMF claimed this task.
CCicalese_WMF moved this task from Backlog to Closed on the MediaWiki-extensions-Pluggable-Auth board.