I like it, it can be done in plugin currently.

But :

• cookies must be really have some crypting mecanisms
• cookies must use some salt

We can use a library like rememberme (https://github.com/gbirke/rememberme) to ensure that the cookie is sufficiently secure.

Here is a basic implementation as a plugin : https://framagit.org/Animafac/limesurvey-rememberme

In fact , for all session :
In fact :
'session'=>array(
'sessionName'=>'ls',
'cookieParams' => array(
'lifetime' => 60 60 24 * 7,
),
),

Work too without issue (here for 7 days)

Can use 'savePath' => '/outofgarbage/tmp', : to disallow server to garbage session too.

I close this one

It's generally not a good idea to store long PHP sessions, especially if you don't use garbage collection, because a lot of sessions can be created quite easily by an attacker and it can fill your drive.

What if I run something like this in Bash for example:
for ((i=1;i<=100000;i++)); do curl http://example.com/LimeSurvey/index.php/admin/authentication/sa/login; done
Because LS creates a new session for every user, even if they are not logged-in, this will allow to create unlimited sessions and they won't be garbage collected. (And even if you setup a cron for garbage collection, 7 days is enough time to fill up your server's drive.)

This is why it is considered a better practice to:

• Have short PHP sessions for everyone
• Have a second mechanism for long sessions used only for logged-in users
• Have a way to garbage collect old sessions

Hi Rudloff
1: bug title : Add a login cookie with a duration longer than the session : can be fixed by Yii
2: your plugin does really better and fix the situation.
=> Then i think we can close this bug .

I send it in feedback to Carsten

OK to close it ?

PS : @Rudloff : if you found some time to put your plugin in https://www.limesurvey.org/index.php?option=com_sobipro&sid=61:Authentication&Itemid=729 it's great.

If you want i make it : i can (just ask), but better if you do it.

OK you can close the bug. I will submit my plugin but I wan't to add some documentation and tests first.

Thanks

@c_schmitz : maybe we can include this plugin in core plugin for 3.0 ?

Or maybe in LS6? :D How many users could benefit from this? 50%? Seems like a promising quality-of-life feature.

Plugin would have to be reviewed and then included.

Instead of adding a never ending list of core plugins it would be better to finally incorporate limestore in the core plugin list view, for a one-click install experience of remote plugins.

Instead of adding a never ending list of core plugins it would be better to finally incorporate limestore in the core plugin list view, for a one-click install experience of remote plugins.

See wordpress success :)

Yeah, let's see if I can push that into Q1 or Q2 (Q = quarter year of 2023).

I consider this feature very useful. Would love to see this at LS 5.x.

Adding more and more core plugins doesn't seem to be the best approach. I think this is so useful that it should become a core feature.
But I will leave the implementation details up to you..

I think this is so useful that it should become a core feature.

More come feature and it make really complex to improve, adapt an existing feature …