- Issue created by @spadxiii
- Merge request !15Issue #3485605: Configurable lifetime type: days or hours → (Open) created by spadxiii
- 🇳🇱Netherlands spadxiii
Added a merge-request with the changes I made for this feature request.
- 🇳🇱Netherlands spadxiii
(oops, double post; submit didn't seem to work first time)
- 🇨🇦Canada gapple
Can you elaborate on your use-case of this short of a token lifetime, and why you would like to do this with Persistent Login rather than setting a short session lifetime or use a module that enforces a session timeout after a configurable period?
With the module's recommended setting of the
cookie_lifetimeto0, a browser will keep the session cookie until the browser is closed (provided it isn't still kept longer because of a session restore feature). With browsers remaining open in the background even when all windows are closed, the short-lifetime PL token could expire before the browser cleans up the session cookie.
Since the session cookie takes precedence, it will in most cases likely outlive a short persistent login. - 🇨🇦Canada gapple
I don't think a short persistent login lifetime is useful, since PL cookies are intended to have a longer lifetime than session cookies, and are ineffective in the inverse case.
If you can better outline your use-case, and how it's addressed by allowing short PL lifetimes, please reopen the issue.