diff --git a/app/controllers/maintenance/user/deletions_controller.rb b/app/controllers/maintenance/user/deletions_controller.rb
index a8254da37..9f3f592ce 100644
--- a/app/controllers/maintenance/user/deletions_controller.rb
+++ b/app/controllers/maintenance/user/deletions_controller.rb
@@ -8,7 +8,7 @@ module Maintenance
 deletion = UserDeletion.new(CurrentUser.user, params[:password])
 deletion.delete!
 session.delete(:user_id)
- cookies.delete(:cookie_password_hash)
+ cookies.delete(:password_hash)
 cookies.delete(:user_name)
 redirect_to(posts_path, :notice => "You are now logged out")
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 807cf2c37..3081944d0 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -7,7 +7,7 @@ class SessionsController < ApplicationController
 end
 
 def create
- session_creator = SessionCreator.new(session, cookies, params[:name], params[:password], request.remote_ip, params[:remember], request.ssl?)
+ session_creator = SessionCreator.new(session, params[:name], params[:password], request.remote_ip)
 
 if session_creator.authenticate
 url = params[:url] if params[:url] && params[:url].start_with?("/")
diff --git a/app/javascript/src/styles/specific/sessions.scss b/app/javascript/src/styles/specific/sessions.scss
deleted file mode 100644
index 1ed32256d..000000000
--- a/app/javascript/src/styles/specific/sessions.scss
+++ /dev/null
@@ -1,9 +0,0 @@
-div#c-sessions {
- div#a-new {
- label#remember-label {
- display: inline;
- font-weight: normal;
- font-style: italic;
- }
- }
-}
diff --git a/app/logical/session_creator.rb b/app/logical/session_creator.rb
index cf22bbdaa..16bb57e8d 100644
--- a/app/logical/session_creator.rb
+++ b/app/logical/session_creator.rb
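Review bot: After `deletion.delete!` the new code only removes `:user_id` from the session (`session.delete(:user_id)`) plus two legacy cookies, so the session id itself and any remaining keys such as `started_at` stay valid on the client; with this commit the session cookie becomes the sole long-lived login credential (the loader sets a 20-year `expire_after`), which makes that leftover more significant. Replacing `session.delete(:user_id)` with `reset_session` rotates the id and clears the whole session, which is what account deletion wants. The `cookies.delete(:password_hash)` and `cookies.delete(:user_name)` lines are now also performed on every request by `SessionLoader#initialize_session_cookies` later in this diff, so they are harmless but redundant here. The enclosing action starts before this hunk.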
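Review bot: The added `SessionCreator.new(session, params[:name], params[:password], request.remote_ip)` line still logs the user into the pre-existing session — `SessionCreator#authenticate` (later in this diff) assigns `session[:user_id]` without rotating the session id — and with the loader now extending sessions to 20 years, a session id fixed before login remains usable long afterwards. Calling `reset_session` on the line immediately before the `session_creator = ...` assignment gives the authenticated session a fresh id at no other cost. Separately, the pre-existing `params[:url].start_with?("/")` check in the context lines also accepts protocol-relative values such as `//host/path`, which browsers follow off-site; `params[:url].start_with?("/") && !params[:url].start_with?("//")` closes that. `create` continues past the end of this hunk.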
@@ -1,34 +1,18 @@
 class SessionCreator
- attr_reader :session, :cookies, :name, :password, :ip_addr, :remember, :secure
+ attr_reader :session, :name, :password, :ip_addr
 attr_reader :user
 
- def initialize(session, cookies, name, password, ip_addr, remember = false, secure = false)
+ def initialize(session, name, password, ip_addr)
 @session = session
- @cookies = cookies
 @name = name
 @password = password
 @ip_addr = ip_addr
- @remember = remember
- @secure = secure
 end
 
 def authenticate
 if User.authenticate(name, password)
 @user = User.find_by_name(name)
 
- if remember.present?
- cookies.permanent.signed[:user_name] = {
- :value => @user.name,
- :secure => secure,
- :httponly => true
- }
- cookies.permanent[:password_hash] = {
- :value => @user.bcrypt_cookie_password_hash,
- :secure => secure,
- :httponly => true
- }
- end
-
 session[:user_id] = @user.id
 @user.update_column(:last_ip_addr, ip_addr)
 return true
diff --git a/app/logical/session_loader.rb b/app/logical/session_loader.rb
index be7c70c15..25c9c4438 100644
--- a/app/logical/session_loader.rb
+++ b/app/logical/session_loader.rb
@@ -27,7 +27,7 @@ class SessionLoader
 update_last_ip_addr
 set_time_zone
 set_safe_mode
- set_started_at_session
+ initialize_session_cookies
 CurrentUser.user.unban! if CurrentUser.user.ban_expired?
 ensure
 DanbooruLogger.add_session_attributes(request, session, CurrentUser.user)
@@ -114,9 +114,12 @@ private
 CurrentUser.safe_mode = safe_mode
 end
 
- def set_started_at_session
- if session[:started_at].blank?
- session[:started_at] = Time.now.utc.to_s
- end
+ def initialize_session_cookies
+ session.options[:expire_after] = 20.years
+ session[:started_at] ||= Time.now.utc.to_s
+
+ # clear out legacy login cookies if present
+ cookies.delete(:user_name)
+ cookies.delete(:password_hash)
 end
 end
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 70c2c2799..87d7d0ab7 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
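Review bot: With the `remember` branch removed, the `:secure => secure` (fed from `request.ssl?`) and `:httponly => true` flags are no longer set anywhere in this class, and the surviving `session[:user_id] = @user.id` assignment is what now carries the long-lived login; whether that session cookie gets `secure`/`httponly` (and a `same_site` policy) therefore rests entirely on the session-store configuration, which is not part of this diff and should be confirmed. `authenticate` also still writes into whatever session it is handed rather than a fresh one, so the caller must rotate the id first; a comment above the assignment such as `# Caller must reset_session before calling authenticate (session fixation)` would make that contract explicit. The constructor's arity drops from seven to four, so any other caller still passing `cookies`/`remember`/`secure` will raise ArgumentError; only SessionsController is updated in this diff, and I cannot see whether others exist. `authenticate` continues past the end of the hunk.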
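Review bot: `session.options[:expire_after] = 20.years` in `initialize_session_cookies` makes every session cookie effectively permanent with a rolling window, and nothing bounds it: `session[:started_at] ||= Time.now.utc.to_s` preserves the original start time but it is never compared against a maximum age, so a stolen or forgotten session stays valid for two decades, and nothing in this hunk ties the session to a password change or logout. Consider enforcing an absolute lifetime from `started_at` (clearing the session once it exceeds a configured cap, done where `reset_session` is available) and invalidating existing sessions on password change; `started_at` already provides the anchor for that. Whether this method also runs for anonymous visitors is not visible here; if it does, every visitor is handed a 20-year cookie, and the long expiry should be limited to authenticated sessions. A short comment on the `expire_after` line stating the intended policy, e.g. `# Sessions replace the old remember-me cookies; lifetime is rolling and unbounded`, would at least make the trade-off explicit.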
@@ -13,9 +13,6 @@