
Option to make user sessions transient


InsERT Webmaster


The persistence and lifespan of cookies responsible for automatic user log on ("ips4_member_id" and "ips4_pass_hash") should be adjustable, either in ACP or constants.php.

We have written a custom login handler that talks to our in-house OAuth2 authorization service. User sessions in that service cannot be persistent across browser sessions for security reasons. As IPS behaves differently in this respect, the end result is that our users are logged in to IPS but not to our OAuth service.

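A check for the behaviour requested in the post above, as an added example that is not part of the thread or of IPS: it classifies Set-Cookie headers as session or persistent and reports which of the two auto-login cookies would survive a browser restart. The sample headers are constructed and the function names are hypothetical; only the two cookie names come from the post.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cookie names from the post; everything else in this block is constructed.
AUTH_COOKIES = {"ips4_member_id", "ips4_pass_hash"}

SAMPLE_HEADERS = [  # constructed Set-Cookie values, not captured from a real site
    "ips4_member_id=42; Expires=Fri, 01 Jan 2100 00:00:00 GMT; Path=/; HttpOnly",
    "ips4_pass_hash=deadbeef; Path=/; HttpOnly; Secure",
    "theme=dark; Max-Age=31536000",
]

def classify(set_cookie, now=None):
    """Return (name, kind); kind is 'session', 'persistent' or 'deleted'."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        try:
            if key == "max-age":
                max_age = int(value)
            elif key == "expires":
                expires = parsedate_to_datetime(value)
        except (TypeError, ValueError):
            pass  # a malformed attribute is ignored, as browsers do
    if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, "persistent" if max_age > 0 else "deleted"
    if expires is not None:
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return name, "persistent" if expires > now else "deleted"
    return name, "session"  # no lifetime attribute: dropped when the browser closes

def persistent_auth_cookies(headers, now=None):
    """Names of auto-login cookies that would outlive the browser session."""
    found = set()
    for header in headers:
        name, kind = classify(header, now)
        if name in AUTH_COOKIES and kind == "persistent":
            found.add(name)
    return sorted(found)

if __name__ == "__main__":
    print(persistent_auth_cookies(SAMPLE_HEADERS))
```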

26 minutes ago, Pawel Pesz said:

The persistence and lifespan of cookies responsible for automatic user log on ("ips4_member_id" and "ips4_pass_hash") should be adjustable, either in ACP or constants.php.

We have written a custom login handler that talks to our in-house OAuth2 authorization service. User sessions in that service cannot be persistent across browser sessions for security reasons. As IPS behaves differently in this respect, the end result is that our users are logged in to IPS but not to our OAuth service.

 

That's not the way OAuth2 is supposed to work. That is for authorizing the user's login, not for authorizing the user's session, the latter of which is quite intentionally left to the application to handle. Not sure why you would actively force people to log in every time they view the site instead of allowing it to be remembered...


Archived

This topic is now archived and is closed to further replies.
