InsERT Webmaster
Posted July 15, 2016

The persistence and lifespan of cookies responsible for automatic user log on ("ips4_member_id" and "ips4_pass_hash") should be adjustable, either in ACP or constants.php.

We have written a custom login handler that talks to our in-house OAuth2 authorization service. User sessions in that service cannot be persistent across browser sessions for security reasons. As IPS behaves differently in this respect, the end result is that our users are logged in to IPS but not to our OAuth service.

Marcher Technologies
Posted July 15, 2016

26 minutes ago, Pawel Pesz said:

> The persistence and lifespan of cookies responsible for automatic user log on ("ips4_member_id" and "ips4_pass_hash") should be adjustable, either in ACP or constants.php.
>
> We have written a custom login handler that talks to our in-house OAuth2 authorization service. User sessions in that service cannot be persistent across browser sessions for security reasons. As IPS behaves differently in this respect, the end result is that our users are logged in to IPS but not to our OAuth service.

That's not the way OAuth2 is supposed to work. That is for authorizing the user's login, not for authorizing the user's session, the latter of which is quite intentionally left to the application to handle. Not sure why you would actively force people to log in every time they view the site instead of allowing it to be remembered...

Archived
This topic is now archived and is closed to further replies.