[TYPO3-core] RFC: Permanent login for FE Users

[Ingmar Schlecht]

Committed to trunk.

Here are some comments:

Bernhard Kraft wrote:
> Ingmar Schlecht wrote:
>> Implement support for a new checkbox form field "permalogin" for the
>> user to decide whether to be logged in permanently or not.
> 
> Ok.
> 
> Altough I am not quite fine with the default value of "0" which means
> that FE-Users
> have the choice of permalogin by default. I would opt for setting it to
> -1 meaning
> the admin will have to step in when upgrading from a previous version
> and wanting to
> have permalogin instead of "forcing" him to make settings to disable new
> features ...

OK.

I have changed the default value to 2 (= force permalogin) now, which
means exactly the same behavior as before:

If lifetime = 0 a session cookie will be set, and if it lifetime > 0, a
permanent login will be enforced.

> The current implementation allows permalogin only when the FE cookie
> lifetime is manually
> set to a value > 0. this means that by deafult (when the user didn't
> change the lifetime)
> it will already be the case that permalogins will not work - but
> contradicting this case
> the permalogin box is still shown in the newloginbox making it unusable
> ... i opt for changing
> the above line to

Right, I'll make newloginbox hide the checkbox in case of lifetime=0.

> +1 from me ... i looked at the code and it is ok ...
> 
> How to cope with issue 1 do not exactly know - what is the security
> policy about new features
> in T3 - should they be allowed by default when they allow more rights to
> visitors or be disabled
> by default ?
> 
> I would also consider it important that no new box shows up on a login
> box when the admin performs
> an update - if he does not perform an action on his side.

Since I have set the default to 2 now, the behavior is exactly like it
was before unless otherwise configured. Do you think it's OK like that?

cheers
Ingmar