[TYPO3-core] RFC: Permanent login for FE Users
ingmar at typo3.org
Tue Aug 29 22:48:48 CEST 2006
Committed to trunk.
Here are some comments:
Bernhard Kraft wrote:
> Ingmar Schlecht wrote:
>> Implement support for a new checkbox form field "permalogin" for the
>> user to decide whether to be logged in permanently or not.
> Altough I am not quite fine with the default value of "0" which means
> that FE-Users
> have the choice of permalogin by default. I would opt for setting it to
> -1 meaning
> the admin will have to step in when upgrading from a previous version
> and wanting to
> have permalogin instead of "forcing" him to make settings to disable new
> features ...
I have changed the default value to 2 (= force permalogin) now, which
means exactly the same behavior as before:
If lifetime = 0 a session cookie will be set, and if it lifetime > 0, a
permanent login will be enforced.
> The current implementation allows permalogin only when the FE cookie
> lifetime is manually
> set to a value > 0. this means that by deafult (when the user didn't
> change the lifetime)
> it will already be the case that permalogins will not work - but
> contradicting this case
> the permalogin box is still shown in the newloginbox making it unusable
> ... i opt for changing
> the above line to
Right, I'll make newloginbox hide the checkbox in case of lifetime=0.
> +1 from me ... i looked at the code and it is ok ...
> How to cope with issue 1 do not exactly know - what is the security
> policy about new features
> in T3 - should they be allowed by default when they allow more rights to
> visitors or be disabled
> by default ?
> I would also consider it important that no new box shows up on a login
> box when the admin performs
> an update - if he does not perform an action on his side.
Since I have set the default to 2 now, the behavior is exactly like it
was before unless otherwise configured. Do you think it's OK like that?
More information about the TYPO3-team-core