Login grace period
|Reported by:||azaozz||Owned by:||azaozz|
After the cookies expire there is a "grace period" of one hour for POST and AJAX request. However this doesn't work when the user clicks "Remember Me" on the login screen. The cookies are set with the same expiration time as the $expiration component in them. When that time comes, the browser doesn't send the cookies and the $expired += HOUR_IN_SECONDS; is pointless. This works when the Remember Me in not checked as the cookies are set for the session, i.e. last as long as the browser is open.
Change History (6)
- Owner set to azaozz
- Resolution set to fixed
- Status changed from new to closed