Remember me with custom or alternate login?

[Dave]

Is there an easy way to allow "remember me" functionality with anything but the standard Auth()?  I am nearly finished writing my own open authentication class for a project I am working on.  I dont see this functionality in the baked Janrain / RPX class either though.  

Im trying to figure out if there is an easy way to do this or if I need to duplicate some of the Auth() 'remember me' functionality in my own class?

Thanks

[Anthony]

I think this is all you have to do to enable "remember me" for a particular user:

session.auth.expiration = auth.settings.long_expiration
session.auth.remember = True

So, if you add a "remember me" checkbox to the login form, just check whether it is selected, and if so, run the above two lines.

Anthony

[Dave]

Hm.

In the case of RPX, the "login form" is actually an iframe.  It doesn't get posted to the web2py framework except through a callback URL.

My service is similar to janrain, but i need to "link" multiple OAuth services to a singular user account.  In my case a button will link to the authorize URL for the apropos service.  

I was originally thinking along the same lines Anthony, but since there really isn't a form getting processed I am having some trouble thinking it through.  Perhaps I could create a form with the multiple account login services and redirect instead of linking directly with the button.  

[Anthony]

You could include a checkbox or button that sends an Ajax request to store the choice in the session and then look for it there upon login. Or just let the user set the option in their profile (perhaps defaulting to being enabled).

Anthony

[Dave]

As I sit here and think more about it, I am liking the "profile" option.  I almost typed that in my first reply.  I just need to figure out how to check for the cookie "onlogin".  Or does the Auth class do that for me?  hmm.

I will end up having a pretty involved registration process and I will ask the user to actually set that preference then.  Great idea.

[Dave]

Anthony, do you happen to know off the top of you head if the "remember me" logic automatically gets checked even if Auth(login_form=Myclass) is used?  I will tinker this weekend and try to determine that myself too.

Thanks

On Friday, September 28, 2012 1:11:10 AM UTC-4, Anthony wrote:

[Anthony]

I believe it should work. Auth initialization checks for the auth object in the session -- the auth object in the session includes auth.expiration and auth.remember. If auth.expiration hasn't expired, the user is considered logged in. The login form/method/function shouldn't be involved at this point.

Anthony

[Dave]

That's what I recall too.  I will report back.

I am actually writing an auth class that will use rauth (compatible with Oauth 1.0-1.0a and Oauth 2.0 specs.  My project requires integration with google, facebook, linkedin, twitter, pinterest and a few others.  Ultimately I will be storing the auth keys so the user will be able to interact with all the social networks simultaneously.

[Mark Li]

Does anyone know why the session.auth.remember and session.auth.expiration are only saved after a new page load?

Currently, I am making an ajax call that sets session.auth.remember and session.auth.expiration (after auth.login_bare()). If I close the browser after the ajax call without a new page load, then the session.auth.remember is not saved and the user is not logged in.

However, if I make the ajax call, then load a new page/refresh the page, and then close the browser, session.auth.remember is saved.

Is there any reason why a page refresh/load does this, and why the ajax call alone will not save session.auth.remember and session.auth.expiration (and thus keep the user logged in)?

[Dave Stoll]

I'm not sure but I believe it has something to do with cookies only being sent as part of the header. I could be completely off base though. 

--

Sent from my mobile device. Please excuse brevity and typos. 

--
 
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/HdoErSDw-z8/unsubscribe?hl=en.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Anthony]

Please show your code.

[Mark Li]

Here's the relevant part of the code I'm using. I make an ajax call to the function below

def ajax_login():
    email = request.vars.email
    password = request.vars.password
    remember_me = request.vars.remember_me

    user = auth.login_bare(email, password)
    if user:
        if remember_me:

[Anthony]

Yes, sorry, there's one more thing you have to do -- you have to convert the session cookie to a non-session cookie:

response.cookies[response.session_id_name]["expires"] = session.auth.expiration

That will happen the next time Auth is initialized (which would happen on the next request), but it won't happen if you simply close the browser.

Anthony

[Mark Li]

Ahh yep that did the trick, thanks for the help Anthony!

[Lisandro]

I'm having trouble to get this to work.

I've already implemented my own login through ajax, but I can't get to work the "remember me" part.

This is my code:

def _login():
    email = request.post_vars.email
    password = request.post_vars.password
    remember = request.post_vars.remember
    user = auth.login_bare(email, password)

    if not user:

        return response.json({'success':False})

    else:
        if remember:
            session.auth.expiration = 3600 * 24 * 30 # one month

            session.auth.remember = True

            response.cookies[response.session_id_name]["expires"] = session.auth.expiration

        return response.json({'success':True})

However, I login, close the browser, reopen it, and I'm asked to login again. What am I missing? 

[Mark Li]

I'm not quite sure, all the relevant parts of your code match mine. I did just test this on my local site, and it doesn't work. However, it does work for the live site, so I'm going to take a look and see what's going on.

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)

---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/HdoErSDw-z8/unsubscribe.

To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Mark Li]

Alrighty just figured out my problem, hopefully it will apply to your case, Lisandro!

The "name" attribute of the "remember_me" checkbox input is actually "keep me logged in" on my local site (not sure if this changed with web2py versions, or I just made this change and forgot it). Thus, request.vars.remember_me was None every time, even if the checkbox was actually checked. I changed my javascript and python code to use "keep_me_logged_in" instead of "remember_me", and now it's working,

I would suggest using "print request.vars" in your login code, so you can see what vars are actually getting passed in from the form. If there is no "remember_me" variable, then that's most likely your main problem.

[Lisandro Rostagno]

Thank you very much Mark for your comments!
I digged in a little more, I opened the gluon/tools.py file, and did a
search of "expiration" and "remember" to see where the code makes use
of that variables. And I found out that I was reffering to
session.auth.remember but the correct way was
session.auth.remember_me, so, changing that did the trick for me.

Thanks again!