View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|12143||Feature requests||[All Projects] Security||public||2017-02-20 18:10||2017-11-17 11:48|
|Target Version||Fixed in Version|
|Summary||12143: Add a login cookie with a duration longer than the session|
It seems the admin login uses PHP sessions which are destroyed at the end of the browsing session (or even before if the server cleans the sessions every X minutes), which is pretty annoying.
|Tags||No tags attached.|
I like it; it can currently be done in a plugin.
We can use a library like rememberme (https://github.com/gbirke/rememberme) to ensure that the cookie is sufficiently secure.
Here is a basic implementation as a plugin: https://framagit.org/Animafac/limesurvey-rememberme
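The following PHP is an added example, not code from this thread, the rememberme library or the linked plugin: it shows the selector/validator scheme commonly used so that a login cookie outliving the PHP session is safe to store server-side and cannot be replayed. The `$store` array stands in for a database table, and the function names, `REMEMBER_TTL` and the user id 42 are assumptions.

```php
<?php
// Added illustration: persistent-login ("remember me") token.
// $store stands in for a database table; every name here is hypothetical.

const REMEMBER_TTL = 7 * 24 * 3600; // 7 days, the duration mentioned in this thread

function issueToken(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(12)); // public lookup key
    $validator = bin2hex(random_bytes(32)); // secret, only its hash is stored
    $store[$selector] = [
        'user'    => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;    // value to place in the cookie
}

function redeemToken(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                        // malformed cookie or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);               // single use: the row goes whatever the outcome
    // hash_equals() compares in constant time, so timing does not leak the hash.
    if ($row['expires'] < $now || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;                        // expired or wrong validator
    }
    // Rotate: the caller sends the new cookie and calls session_regenerate_id(true).
    return ['user' => $row['user'], 'cookie' => issueToken($store, $row['user'], $now)];
}

// Constructed demonstration data.
$store  = [];
$now    = time();
$cookie = issueToken($store, 42, $now);

// First use within the lifetime logs the user in and returns a fresh cookie.
$first = redeemToken($store, $cookie, $now + 3600);
var_dump($first !== null && $first['user'] === 42);
// Replaying the old cookie fails because its row was deleted on first use.
var_dump(redeemToken($store, $cookie, $now + 3601) === null);
// The rotated cookie is refused once its own lifetime has passed.
var_dump(redeemToken($store, $first['cookie'], $now + 30 * 86400) === null);
```

Only the SHA-256 hash of the validator is kept server-side, so a leaked token table does not yield usable cookies, and each row carries its own expiry, so the token store stays bounded without keeping PHP sessions alive.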
In fact, for all sessions:
Works too, without issue (here for 7 days).
Can use 'savePath' => '/outofgarbage/tmp', to prevent the server from garbage-collecting sessions too.
I'm closing this one.
It's generally not a good idea to store long PHP sessions, especially if you don't use garbage collection, because a lot of sessions can be created quite easily by an attacker and it can fill your drive.
What if I run something like this in Bash for example:
This is why it is considered a better practice to:
I'm sending it in feedback to Carsten.
OK to close it?
PS: @Rudloff: if you find some time to put your plugin in https://www.limesurvey.org/index.php?option=com_sobipro&sid=61:Authentication&Itemid=729, that would be great.
If you want me to do it, I can (just ask), but it's better if you do it.
OK you can close the bug. I will submit my plugin but I want to add some documentation and tests first.
@c_schmitz: maybe we can include this plugin in the core plugins for 3.0?
|2017-02-20 18:10||Rudloff||New Issue|
|2017-02-21 18:59||DenisChenu||Note Added: 43054|
|2017-02-21 19:06||Rudloff||Note Added: 43058|
|2017-02-23 12:37||Rudloff||Note Added: 43082|
|2017-02-28 14:19||DenisChenu||Note Added: 43095|
|2017-02-28 14:19||DenisChenu||Status||new => closed|
|2017-02-28 14:19||DenisChenu||Resolution||open => no change required|
|2017-02-28 15:28||Rudloff||Status||closed => feedback|
|2017-02-28 15:28||Rudloff||Resolution||no change required => reopened|
|2017-02-28 15:28||Rudloff||Note Added: 43097|
|2017-02-28 16:04||DenisChenu||Note Added: 43098|
|2017-02-28 16:05||DenisChenu||Assigned To||=> c_schmitz|
|2017-02-28 16:05||DenisChenu||Status||feedback => assigned|
|2017-02-28 16:05||DenisChenu||Status||assigned => feedback|
|2017-02-28 16:05||DenisChenu||Note Added: 43099|
|2017-02-28 16:06||DenisChenu||Note Added: 43100|
|2017-02-28 16:23||Rudloff||Note Added: 43102|
|2017-02-28 16:23||Rudloff||Status||feedback => assigned|
|2017-02-28 16:28||DenisChenu||Note Added: 43103|
|2017-11-17 11:48||DenisChenu||Note Added: 45102|