Remember Me Feature for Authentication

Morning guys,

i need a “Remember Me” checkbox in my Login-Form. Does anybody know of a plugin which does that?
With core-features this seems not to be possible right now as the sessionTimeout is configured globally for every user by configuration and cannot be “manipulated” on a per user basis.
For most projects there is no budget for individually creating a plugin for that with a complex cookie-handling. In my opinion this is a standard feature which should be past of the flow authentication framework. I am thinking about creating a plugin for that if nothing exists but i think i am missing something

I’d be open to support an effort to make it adjustable per authentication in core.

Hi Alexander,
thats great! I guess the two member variables “$sessionCookieLifetime” and “$inactivityTimeout” of Neos\Flow\Session\Session need to be set/altered during authentication to make that work right? I would be willing to invest some private time of mine to bring that forward, but i am not sure what the concrete solution might be.

Maybe something like this?

  • Add a “rememberMe” property to the UsernamePassword-Token
  • Somehow make the timeout and livetime in Session settable
  • Provide a slot for the emitSuccessfullyAuthenticated signal of the AuthenticationProviderManager where the timeout gets set after successful authentication

Worth taking this topic into account

instead of increasing session lifetime and/or using a server side cache, you could also use a client side cookie to store some auth token (JWT for example).
In any case, for security reasons the token should probably not be valid “forever”, but be refreshed before it expires.