mirror of
https://github.com/nsupdate-info/nsupdate.info.git
synced 2026-04-25 08:35:56 +03:00
[GH-ISSUE #33] add a remember-me per-user profile setting #31
Originally created by @ThomasWaldmann on GitHub (Oct 22, 2013).
Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/33
Some users may want to use rather short term sessions (cookie gets deleted on browser close) while others may want to stay logged in if they close and reopen the browser.
@ThomasWaldmann commented on GitHub (Nov 6, 2013):
From https://docs.djangoproject.com/en/1.5/topics/http/sessions/ :
"""
By default, SESSION_EXPIRE_AT_BROWSER_CLOSE is set to False, which means session cookies will be stored in users’ browsers for as long as SESSION_COOKIE_AGE. Use this if you don’t want people to have to log in every time they open a browser.
This setting is a global default and can be overwritten at a per-session level by explicitly calling the set_expiry() method of request.session as described above in using sessions in views.
"""
@ThomasWaldmann commented on GitHub (Nov 12, 2013):
to implement this, we first need to have custom "profile values" in the db.
what's the better way to do that?
a) https://docs.djangoproject.com/en/1.5/topics/auth/customizing/#extending-the-existing-user-model
(the profile model described there, with a one-to-one relationship to User model)
b) https://docs.djangoproject.com/en/1.5/topics/auth/customizing/#substituting-a-custom-user-model
aside from using some way to implement this in our app, it maybe should be discussed with django people whether this does not rather belong into the framework as it only makes a feature user setting that is already supported, but only globally configurable by the framework.
it's also related to security, privacy and ease-of-use whether one rather wants a permanent cookie store on the machine with a default lifetime of 2 weeks or a session cookie, that is deleted when browser is closed.
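The per-user choice discussed above comes down to one `set_expiry()` call made right after login. The following is an added example, not nsupdate.info's code: `FakeSession` is a constructed stand-in that mirrors the documented expiry methods of Django's session object, and the `remember_me` profile attribute and the helper names are hypothetical.

```python
TWO_WEEKS = 14 * 24 * 3600  # Django's default SESSION_COOKIE_AGE, in seconds


class FakeSession(dict):
    """Constructed stand-in for request.session (expiry API only)."""

    def set_expiry(self, value):
        self["_session_expiry"] = value

    def get_expire_at_browser_close(self):
        # No per-session value: fall back to the global default
        # (SESSION_EXPIRE_AT_BROWSER_CLOSE = False). 0 means "browser close".
        if self.get("_session_expiry") is None:
            return False
        return self["_session_expiry"] == 0

    def get_expiry_age(self):
        return self.get("_session_expiry") or TWO_WEEKS


def remember_me_for(profile):
    """Read the hypothetical per-user flag; a missing profile or field
    falls back to the safer choice (do not remember)."""
    return bool(getattr(profile, "remember_me", False))


def apply_remember_me(session, remember_me, max_age=TWO_WEEKS):
    """Call after a successful login to override the global default."""
    if remember_me and max_age > 0:
        session.set_expiry(max_age)  # persistent cookie, bounded lifetime
    else:
        session.set_expiry(0)        # session cookie, dropped on browser close


def cookie_lifetime(session):
    """Max-Age the session cookie would carry; None means the cookie is
    sent without Max-Age/Expires and ends with the browser session."""
    if session.get_expire_at_browser_close():
        return None
    return session.get_expiry_age()


class Profile:  # constructed sample profile object
    def __init__(self, remember_me):
        self.remember_me = remember_me
```

In a real Django view the same `apply_remember_me()` call would receive `request.session` after `login()` has run.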
@ThomasWaldmann commented on GitHub (Nov 14, 2013):
http://stackoverflow.com/questions/15100400/django-remember-me-with-built-in-login-view-and-authentication-form
https://pypi.python.org/pypi/django-auth-remember/0.3 (see also links there)
@ThomasWaldmann commented on GitHub (Nov 14, 2013):
for security reasons, default is a session cookie now that clears on browser close, see
182671783d
@ThomasWaldmann commented on GitHub (Nov 16, 2013):
done
56341d0581