login: remove 'remember' checkbox; make session cookies permanent.

Remove the "Remember" checkbox from the login page. Make session cookies permanent instead. Phase out legacy `user_name` and `password_hash` cookies. Previously a user's session cookies would be cleared whenever they closed their browser window, which would log them out of the site. To work around this, when the "Remember" box was checked on the login page (which it was by default), the user's name and password hash (!) would be stored in separate permanent cookies, which would be used to automatically log the user back in when their session cookies were cleared. We can avoid all of this just by making the session cookies themselves permanent.
2019-11-17 16:42:54 -06:00
parent 9b893db640
commit 320ff01e07
6 changed files with 12 additions and 37 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -7,7 +7,7 @@ class SessionsController < ApplicationController
  end

  def create
-    session_creator = SessionCreator.new(session, cookies, params[:name], params[:password], request.remote_ip, params[:remember], request.ssl?)
+    session_creator = SessionCreator.new(session, params[:name], params[:password], request.remote_ip)

    if session_creator.authenticate
      url = params[:url] if params[:url] && params[:url].start_with?("/")