Anton Mostovenko
Jul 12, 2018, 9:33:37 AM7/12/18
to iDempiere
Hello community,
Recently my team faced an issue. We wanted to do some manipulations with Users (AD_User) in our system. We decided to rename some part of the existing Users to prevent people from logging in using their credentials (but records must be left in the system for a history) and to create new set of users, using the old names.
We thought that employees will not see the difference and continue to use the same credentials, but technically it would be a new user accounts.
But, almost every user had an enabled option "remember me". And because of that, everyone was using old renamed AD_User to log in. System built in a such way, that it "remembers" not the Username, but AD_Session_ID with AD_User_ID in it. And the Username automatically would be taken from DB via AD_User_ID and placed in Username field.
What do you think, is it an appropriate way to "remember" credentials? Is it possible to add feature to store only username as a text?
Recently my team faced an issue. We wanted to do some manipulations with Users (AD_User) in our system. We decided to rename some part of the existing Users to prevent people from logging in using their credentials (but records must be left in the system for a history) and to create new set of users, using the old names.
We thought that employees will not see the difference and continue to use the same credentials, but technically it would be a new user accounts.
But, almost every user had an enabled option "remember me". And because of that, everyone was using old renamed AD_User to log in. System built in a such way, that it "remembers" not the Username, but AD_Session_ID with AD_User_ID in it. And the Username automatically would be taken from DB via AD_User_ID and placed in Username field.
What do you think, is it an appropriate way to "remember" credentials? Is it possible to add feature to store only username as a text?
From my point of view, Username it is a part of credentials pair (login + password) and in the case of Username change, no one should now the new one, as it is done with password.
Best regards,
palichmos.ru team.
Carlos Antonio Ruiz Gomez
Jul 12, 2018, 3:10:29 PM7/12/18
to idem...@googlegroups.com
Hi Anton,
The "remember me" feature was written when chrome didn't save properly credentials for iDempiere.
Now what I'm using is to disable the remember me feature:
SysConfig ZK_LOGIN_ALLOW_REMEMBER_ME=N
and enable saving it in chrome
SysConfig ZK_LOGIN_ALLOW_CHROME_SAVE_PASSWORD=Y
Regards,
Carlos Ruiz
The "remember me" feature was written when chrome didn't save properly credentials for iDempiere.
Now what I'm using is to disable the remember me feature:
SysConfig ZK_LOGIN_ALLOW_REMEMBER_ME=N
and enable saving it in chrome
SysConfig ZK_LOGIN_ALLOW_CHROME_SAVE_PASSWORD=Y
Regards,
Carlos Ruiz
Reply all
Reply to author
Forward
0 new messages