The expiry time for a login is determined when a user first logs in, to be 30 days (by default) from that first login. This does not change even if the user returns to the site within those 30 days. I'd like it if the expiry time could be reset to a further 30 days every time the user returns to the site.
I've managed to implement this by changing a single line of code in _persistent_login_create_cookie(). This was line 417 in the 6.x-1.4 release. Originally, it read:
$expires = (isset($edit['pl_expires']) ? $edit['pl_expires'] : (($days > 0) ? time() + $days * 86400 : 0));
I changed it to:
$expires = (($days > 0) ? time() + $days * 86400 : 0);
Is there any unforseen security risk that I've introduced by doing this? Would it be possible to add this change as an optional feature?
Needs review
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Issue #735004: Allow extending expiry of tokens