Remember login

Hello everyone. Can anyone explain this? I leave the “remember” field empty:
[screenshot]

I leave the cookie fields empty:
[screenshot]

But cookies are still created and the login is saved even if the user closes the browser and opens the application later:
[screenshot]

What needs to be done so that the login is valid only for the duration of the session and after the end of the session a re-login is required?

The remember option sets a cookie which keeps the user logged in after the session ends / browser is closed.
If this option is empty, the login will be only valid for the session. When the users close the browser and reopen it then they won’t be logged in.

Hi @Teodor. Thanks for the quick response. Yes, I thought so, but above I show that in practice this is not the case. As shown in my screenshots, my “remember” field is empty and the application still generates a token and remembers the user when visiting the application again, even if the session was completed.

I use nodejs, docker and redis.

What can I do to fix this?

Are you sure a cookie is actually created? Can you expand the panel to see the value in “Expires” column? If remember is empty it will say Session, which means this expires when the session ends …

The .sid cookie is a session cookie and not the authentication cookie from the remember me option. The session cookie is only short-lived (about 30 minutes, depending on your settings), while the remember me cookie will remember the user for multiple days.

Thanks @Teodor and @patrick. Yes, indeed, in the “Expiration / Max age” field there is a Session value. I will run additional tests with more situations and waiting times. Perhaps the situation arises in cases when the user closes the application and opens it after 10-15 minutes and turns out to be logged in, since the cookie lifetime has not expired yet. If so, is it possible to make a logout happen immediately after the application is closed (tab is closed / the browser is closed)?

I did thorough testing of the problem; the results showed that the problem exists and cookies do not work as you indicate above.

What I did:

  1. I created a special website for test (nodejs, docker, redis) with the following login and cookie settings:
    [screenshot]
  2. Logged in and then checked the relevance of cookies at the following time intervals after closing the browser tab:
    a) 30 minutes after closing browser tab;
    b) 2 hours after closing browser tab;
    c) 8 hours after closing browser tab;
    d) 36 hours after closing browser tab;

Cookies have always remained unchanged:


And the user remained (and still remains) logged in on the site!

Perhaps this is somehow influenced by redis?

In the Workflows/Server Actions tab open the Server Connect Settings. There you can configure the Sessions settings, you can set it to Redis and set the Session TTL in seconds (300 is 5 minutes).

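The behaviour discussed in this thread, as an added example that is not part of any post and is not Wappler's code: a login tied to a "Session" cookie lasts as long as the browser keeps sending the cookie and the server-side session entry has not passed its TTL. `SessionStore` is a hypothetical in-memory stand-in for the Redis store, the cookie name/value and the 7-day TTL are constructed, and TTL renewal on each request is an assumption.

```javascript
// Added example: models the browser side and the server side of a session login.
// SessionStore is an in-memory stand-in for a Redis-backed store (hypothetical, not Wappler code).

// Parse a Set-Cookie header; a cookie without Expires/Max-Age shows as "Session" in dev tools.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const keys = attrs.map((a) => a.split('=')[0].toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    sessionOnly: !keys.includes('expires') && !keys.includes('max-age'),
  };
}

class SessionStore {
  constructor(ttlSeconds) {
    this.ttlMs = ttlSeconds * 1000;
    this.sessions = new Map(); // sid -> { user, expiresAt }
  }
  create(sid, user, now) {
    this.sessions.set(sid, { user, expiresAt: now + this.ttlMs });
  }
  // Return the user for a live session, or null once the TTL has passed (like an expired Redis key).
  get(sid, now) {
    const s = this.sessions.get(sid);
    if (!s) return null;
    if (now >= s.expiresAt) { this.sessions.delete(sid); return null; }
    s.expiresAt = now + this.ttlMs; // assumption: each request renews the TTL
    return s.user;
  }
}

// Is the user still logged in after being away for idleSeconds?
// Assumption: only a full browser close discards session-only cookies; closing a tab does not.
function stillLoggedIn(setCookie, ttlSeconds, idleSeconds, browserClosed) {
  const cookie = parseSetCookie(setCookie);
  const store = new SessionStore(ttlSeconds);
  store.create(cookie.value, 'alice', 0);
  const cookieSent = !(cookie.sessionOnly && browserClosed);
  return cookieSent && store.get(cookie.value, idleSeconds * 1000) !== null;
}

const SID = 'app.sid=s%3Aconstructed-id; Path=/; HttpOnly'; // constructed sample header
console.log(stillLoggedIn(SID, 7 * 24 * 3600, 36 * 3600, false)); // long TTL, tab closed
console.log(stillLoggedIn(SID, 300, 1800, false));                // TTL 300 s, tab closed
console.log(stillLoggedIn(SID, 7 * 24 * 3600, 60, true));         // browser closed
```

With the Session TTL set to 300 seconds, the 30-minute test case from the thread ends in a forced re-login even though the cookie is still present in the browser.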