mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #9909 from creative-commoners/pulls/4/remember-thirty
ENH Reduce default token period from 90 to 30 days
This commit is contained in:
commit
dcdc25500b
@ -139,7 +139,8 @@ class MyMemberExtension extends DataExtension
|
|||||||
Logins can be "remembered" across multiple devices when user checks the "Remember Me" box. By default, a new login token
|
Logins can be "remembered" across multiple devices when user checks the "Remember Me" box. By default, a new login token
|
||||||
will be created and associated with the device used during authentication. When user logs out, all previously saved tokens
|
will be created and associated with the device used during authentication. When user logs out, all previously saved tokens
|
||||||
for all devices will be revoked, unless [`RememberLoginHash::$logout_across_devices`](api:SilverStripe\Security\RememberLoginHash::$logout_across_devices) is set to false. For extra security,
|
for all devices will be revoked, unless [`RememberLoginHash::$logout_across_devices`](api:SilverStripe\Security\RememberLoginHash::$logout_across_devices) is set to false. For extra security,
|
||||||
single tokens can be enforced by setting [`RememberLoginHash::$force_single_token`](api:SilverStripe\Security\RememberLoginHash::$force_single_token) to true.
|
single tokens can be enforced by setting [`RememberLoginHash::$force_single_token`](api:SilverStripe\Security\RememberLoginHash::$force_single_token) to true. Tokens will be valid for 30 days by
|
||||||
|
default and this can be modified via [`RememberLoginHash::$token_expiry_days`](api:SilverStripe\Security\RememberLoginHash::$token_expiry_days).
|
||||||
|
|
||||||
## Acting as another user
|
## Acting as another user
|
||||||
|
|
||||||
|
@ -49,3 +49,11 @@ for GraphQL 3 code in the `_legacy` folder, alongside `code/` / `src/`.
|
|||||||
|
|
||||||
It is likely that in the future, we will mandate the use of GraphQL 4 in Silverstripe CMS, and
|
It is likely that in the future, we will mandate the use of GraphQL 4 in Silverstripe CMS, and
|
||||||
remove this shim. We expect this happen within just one minor release, making `_legacy/` a very short-lived workaround.
|
remove this shim. We expect this happen within just one minor release, making `_legacy/` a very short-lived workaround.
|
||||||
|
|
||||||
|
## Enhancements
|
||||||
|
|
||||||
|
### Default time period for log in form "remember me" checkbox reduced from 90 to 30 days
|
||||||
|
|
||||||
|
Based on feedback from users, we've reduced the time period of the "remember me" checkbox on the login form from
|
||||||
|
90 to 30 days. This value is configurable via `SilverStripe\Security\RememberLoginHash::token_expiry_days`.
|
||||||
|
|
||||||
|
@ -60,7 +60,7 @@ class RememberLoginHash extends DataObject
|
|||||||
* @config
|
* @config
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
private static $token_expiry_days = 90;
|
private static $token_expiry_days = 30;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Number of days the device ID will be valid for
|
* Number of days the device ID will be valid for
|
||||||
|
Loading…
Reference in New Issue
Block a user