Posted July 15, 2016

The persistence and lifespan of cookies responsible for automatic user log on ("ips4_member_id" and "ips4_pass_hash") should be adjustable, either in ACP or constants.php.

We have written a custom login handler that talks to our in-house OAuth2 authorization service. User sessions in that service cannot be persistent across browser sessions for security reasons. As IPS behaves differently in this respect, the end result is that our users are logged in to IPS but not to our OAuth service.
July 15, 2016

26 minutes ago, Pawel Pesz said:

> The persistence and lifespan of cookies responsible for automatic user log on ("ips4_member_id" and "ips4_pass_hash") should be adjustable, either in ACP or constants.php.
>
> We have written a custom login handler that talks to our in-house OAuth2 authorization service. User sessions in that service cannot be persistent across browser sessions for security reasons. As IPS behaves differently in this respect, the end result is that our users are logged in to IPS but not to our OAuth service.

That's not the way OAuth2 is supposed to work. That is for authorizing the user's login, not for authorizing the user's session, the latter of which is quite intentionally left to the application to handle.

Not sure why you would actively force people to log in every time they view the site instead of allowing it to be remembered...
This topic is now archived and is closed to further replies.