tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

ENH Reduce default token period from 90 to 30 days

Browse Source
This commit is contained in:
Steve Boyd 2021-04-06 13:22:10 +12:00
parent 5872dce76d
commit 1c7fd287a1
3 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/en/02_Developer_Guides/09_Security/00_Member.md
View File

@ -139,7 +139,8 @@ class MyMemberExtension extends DataExtension
Logins can be "remembered" across multiple devices when user checks the "Remember Me" box. By default, a new login token
will be created and associated with the device used during authentication. When user logs out, all previously saved tokens
for all devices will be revoked, unless [`RememberLoginHash::$logout_across_devices`](api:SilverStripe\Security\RememberLoginHash::$logout_across_devices) is set to false. For extra security,
single tokens can be enforced by setting [`RememberLoginHash::$force_single_token`](api:SilverStripe\Security\RememberLoginHash::$force_single_token) to true.
single tokens can be enforced by setting [`RememberLoginHash::$force_single_token`](api:SilverStripe\Security\RememberLoginHash::$force_single_token) to true. Tokens will be valid for 30 days by
default and this can be modified via [`RememberLoginHash::$token_expiry_days`](api:SilverStripe\Security\RememberLoginHash::$token_expiry_days).
## Acting as another user

8
docs/en/04_Changelogs/4.8.0.md
View File

@ -49,3 +49,11 @@ for GraphQL 3 code in the `_legacy` folder, alongside `code/` / `src/`.
It is likely that in the future, we will mandate the use of GraphQL 4 in Silverstripe CMS, and
remove this shim. We expect this happen within just one minor release, making `_legacy/` a very short-lived workaround.
## Enhancements
### Default time period for log in form "remember me" checkbox reduced from 90 to 30 days
Based on feedback from users, we've reduced the time period of the "remember me" checkbox on the login form from
90 to 30 days. This value is configurable via `SilverStripe\Security\RememberLoginHash::token_expiry_days`.

2
src/Security/RememberLoginHash.php
View File

@ -60,7 +60,7 @@ class RememberLoginHash extends DataObject
* @config
* @var int
*/
private static $token_expiry_days = 90;
private static $token_expiry_days = 30;
/**
* Number of days the device ID will be valid for