Keep user logged in / Cookie authentication

Hello,

is there a good way to keep a user logged in with a cookie?

I’ve already created a CookieToken and a CookieProvider. And i stored a uuid (cookie value) in the database together with the related account.
But I think it is not good to call the ‘authenticate()’ method from the ‘AuthenticationProviderManager’ to authenticate at every request.

Thanks.

Hendrik

Hi,

Unfortunately that feature is not yet built into the Flow authentication framework.
But you could use something like JWT to store a token in a cookie and only re-create it on the server-side when it is about to expire. https://gist.github.com/bwaidelich/cd9f0d2358a50db27b56 might help

Thanks.
But how can it be authenticated without being redirected to the authentication action?
So if the user opens the website the next day it should be automatically authenticated. :wink:

How about setting a persisted cookie?

Because thats what I already do.
The problem is, that the tokens were only processed when the authentication is necessary (or after the login).

When the user is revisiting the website after a few days he should still be authenticated, no matter which page (controller-action) he is requesting.

But it seems that this is not implemented yet.

Hi!

I’ve solved this problem by first retrieving sessionSettings[‘inactivityTimeout’]
after login and implementing a JS timer which fires five seconds before timeout.
The timer function itself calls a controller in my project via ajax.
And this call retriggers the current session… This method prevents every
session timeout until active logoff (or closing the browser).
Additonal you don’t need cookies…

2 Likes