[TurboGears] #2421: No apparent way to implement "remember me" into a login form

7 views
Skip to first unread message

TurboGears

unread,
Dec 3, 2009, 4:31:04 AM12/3/09
to turbogear...@googlegroups.com
#2421: No apparent way to implement "remember me" into a login form
----------------------------+-----------------------------------------------
Reporter: seedifferently | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: __unclassified__
Component: TurboGears | Version: trunk
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
Currently the default repoze.who implementation keeps a login active
during the duration of the session. As soon as the session is closed, the
auth info is lost. Having a "remember me" checkbox is a common option on
logins to keep the auth information longer than the duration of the
session. This way the login can be skipped during later visits.

When trying to implement this for a client today, I spent several hours
digging around for an optimal solution before finally throwing an
embarrassingly terrible monkey-patch into the repose.who auth_tkt plugin
file.

Can a solution for this please be documented or implemented? Perhaps
there's a way to use base_config.sa_auth.form_plugin to inject the
"identity" object with a max_age parameter, but I simply could not figure
it out or find a helpful lead on it.

Gustavo added this capability to repoze.who several months ago, but I am
unsure how it could be implemented on the TG side of things. For reference
please see Gustavo's post here:
http://groups.google.com/group/turbogears/browse_thread/thread/da23799e9b13e451

I would be more than happy to write documentation on this if a clear
solution was available.

Thank you,
Seth

--
Ticket URL: <http://trac.turbogears.org/ticket/2421>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development

TurboGears

unread,
Jan 26, 2010, 9:18:53 PM1/26/10
to turbogear...@googlegroups.com
#2421: No apparent way to implement "remember me" into a login form
----------------------------+-----------------------------------------------
Reporter: seedifferently | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 2.1
Component: TurboGears | Version: trunk
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Changes (by percious):

* milestone: __unclassified__ => 2.1

--
Ticket URL: <http://trac.turbogears.org/ticket/2421#comment:1>

TurboGears

unread,
Jan 29, 2010, 7:42:05 AM1/29/10
to turbogear...@googlegroups.com
#2421: No apparent way to implement "remember me" into a login form
----------------------------+-----------------------------------------------
Reporter: seedifferently | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone: 2.1
Component: TurboGears | Version: trunk
Severity: normal | Resolution: fixed
Keywords: |
----------------------------+-----------------------------------------------
Changes (by jorge.vargas):

* status: new => closed
* resolution: => fixed

Comment:

gustavonarea: It's fixed in repoze.what-quickstart v1.0.5:
http://code.gustavonarea.net/repoze.what-quickstart/News.html

--
Ticket URL: <http://trac.turbogears.org/ticket/2421#comment:2>

TurboGears

unread,
Jan 29, 2010, 3:03:43 PM1/29/10
to turbogear...@googlegroups.com
#2421: No apparent way to implement "remember me" into a login form
----------------------------+-----------------------------------------------
Reporter: seedifferently | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: 2.1
Component: TurboGears | Version: trunk
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Changes (by seedifferently):

* status: closed => reopened
* resolution: fixed =>

Comment:

Jorge,

Not to disagree with you, but unless I'm missing something here, the
repoze package updates are only part of the issue and don't exactly close
this ticket.

My understanding of Gustavo's update would mean that adding a
base_config.sa_auth.cookie_timeout value to your app_cfg.py would cause
the login to be remembered for the specified amount of time *every time* a
login was done. That is different than in a "remember me" checkbox-form
instance where sometimes you want the login remembered, and sometimes you
do not (based on the user's input).

Perhaps this is a documentation issue now, but in my opinion there is
still "No apparent way to implement 'remember me' into a login form". The
cookie timeout setting should be dynamic enough that it can be toggled as
easily as processing a checkbox value from a login form.

Thanks,
Seth

--
Ticket URL: <http://trac.turbogears.org/ticket/2421#comment:3>

TurboGears

unread,
Mar 9, 2010, 4:59:31 PM3/9/10
to turbogear...@googlegroups.com
#2421: No apparent way to implement "remember me" into a login form
----------------------------+-----------------------------------------------
Reporter: seedifferently | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: 2.1
Component: TurboGears | Version: trunk
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by Gustavo):

A few weeks ago I received an email requesting this feature. Here's my
response:


{{{
repoze.who-friendlyform is not in charge of remembering the user. This
is why it uses a proper "rememberer" internally -- friendlyform doesn't
read/set cookies.

The place where this should be implemented is in the rememberer used by
friendlyform. So, you can either propose a patch for auth_tkt in
repoze.who or extend friendly form like this:
http://pastebin.com/f7a0abe24

But I'd recommend the first option (fixing it in auth_tkt).

}}}

--
Ticket URL: <http://trac.turbogears.org/ticket/2421#comment:4>

Reply all
Reply to author
Forward
0 new messages