Developer forum

Forum » Feature requests » Extranet Login cookie auto login for session and x days

Extranet Login cookie auto login for session and x days

E-mail notifications
Remi Muller
Reply
Posted on 27/05/2014 12:40:15

Auto login for extranet uses a cookie which valid for 30 day(configurable).
This is already possible.

 

I like to have the following change.

Make it possible to have auto login work with a session cookie by default. (as an option in the backend or a checkbox)

And if the user want's to use auto login for a longer period that he accepts the auto login for x days.


Replies

 
Morten Bengtson
Posted on 27/05/2014 13:12:54
Reply

"Make it possible to have auto login work with a session cookie by default. (as an option in the backend or a checkbox)"

- But then the login will expire at the end of the session, which is the same behaviour as when auto login is disabled?

"And if the user want's to use auto login for a longer period that he accepts the auto login for x days."

- The user can already enable/disable autologin, but not select a specific number of days. Why should the user be able to select the number of days?

<form method="post">
    <input type="hidden" name="DWExtranetUsernameRemember" value="True" />
    <input type="hidden" name="DWExtranetPasswordRemember" value="True" />
    <label>Username:<input type="text" name="username" value="<!--@DwExtranetUsername-->" /></label>
    <label>Password:<input type="password" name="password" value="<!--@DwExtranetPassword-->" /></label>
    <fieldset>
        <legend>Keep me logged in for 30 days</legend>
        <label><input type="radio" name="AutoLogin" value="True" />Yes</label>
        <label><input type="radio" name="AutoLogin" value="False" checked />No</label>
    </fieldset>
    <input type="submit" value="Log in" />
</form>
 
Remi Muller
Posted on 27/05/2014 13:26:06
Reply

No the user should not be able to choose the number of days.

I'd like to enable session cookie by default on some installations.

The end-user can only choose for auto login for 30 days.

 

The reason i want auto login for the session cookie is because when the asp.net session times out after 20 min. As soon as the user interacts with the website the session cookie can auto login the current dw extranet user.

Just like the current autologin cookie works but then only valid for the session cookie. This session cookie lives longer than the asp.net session and resolves issues with end-users being logged off after being inactive for 20min.

 
Morten Bengtson
Posted on 27/05/2014 14:34:10
Reply

"This session cookie lives longer than the asp.net session"... But if the cookie lives longer than the session then it's not a session cookie ;-)

If you just need to keep the session alive, you can send heartbeats to the server.

 
Imar Spaanjaars Dynamicweb Employee
Imar Spaanjaars
Posted on 27/05/2014 14:41:16
Reply

>> But if the cookie lives longer than the session then it's not a session cookie ;-)

I don't think I agree. Session cookies are cookies without an explicit Expiry date. This means they automatically expire when you close your browser. These cookies are completely independent of ASP.NET session state (which just also happens to be tracked with a session cookie).

Imar

 
Morten Bengtson
Posted on 27/05/2014 14:50:59
Reply

Yeah, you're right about that, Imar. My bad :)

 
Remi Muller
Posted on 27/05/2014 15:27:36
Reply

The heartbeat is a nice workaround.

Also think about the server resources. If i have 20 inactive customers they take quite some server memory which is actually not needed until the user becomes active again. This where the auto login session cookie can help :)