Merge pull request #9909 from creative-commoners/pulls/4/remember-thirty

ENH Reduce default token period from 90 to 30 days
Andre Kiste 2021-04-08 12:39:22 +12:00 committed by GitHub
commit dcdc25500b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 2 deletions

@ -139,7 +139,8 @@ class MyMemberExtension extends DataExtension
Logins can be "remembered" across multiple devices when user checks the "Remember Me" box. By default, a new login token Logins can be "remembered" across multiple devices when user checks the "Remember Me" box. By default, a new login token
will be created and associated with the device used during authentication. When user logs out, all previously saved tokens will be created and associated with the device used during authentication. When user logs out, all previously saved tokens
for all devices will be revoked, unless [`RememberLoginHash::$logout_across_devices`](api:SilverStripe\Security\RememberLoginHash::$logout_across_devices) is set to false. For extra security, for all devices will be revoked, unless [`RememberLoginHash::$logout_across_devices`](api:SilverStripe\Security\RememberLoginHash::$logout_across_devices) is set to false. For extra security,
single tokens can be enforced by setting [`RememberLoginHash::$force_single_token`](api:SilverStripe\Security\RememberLoginHash::$force_single_token) to true. single tokens can be enforced by setting [`RememberLoginHash::$force_single_token`](api:SilverStripe\Security\RememberLoginHash::$force_single_token) to true. Tokens will be valid for 30 days by
default and this can be modified via [`RememberLoginHash::$token_expiry_days`](api:SilverStripe\Security\RememberLoginHash::$token_expiry_days).
## Acting as another user ## Acting as another user
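
Review bot: The added sentence hard-codes "30 days" in the documentation, so it goes stale the next time the default of `RememberLoginHash::$token_expiry_days` changes, as it just did from 90. Consider making the config property the source of truth in the wording ("valid for the number of days set in ..., 30 by default") and showing the config override next to it, so a reader who needs a different period can apply it from this paragraph alone.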

@ -49,3 +49,11 @@ for GraphQL 3 code in the `_legacy` folder, alongside `code/` / `src/`.
It is likely that in the future, we will mandate the use of GraphQL 4 in Silverstripe CMS, and It is likely that in the future, we will mandate the use of GraphQL 4 in Silverstripe CMS, and
remove this shim. We expect this happen within just one minor release, making `_legacy/` a very short-lived workaround. remove this shim. We expect this happen within just one minor release, making `_legacy/` a very short-lived workaround.
## Enhancements
### Default time period for log in form "remember me" checkbox reduced from 90 to 30 days
Based on feedback from users, we've reduced the time period of the "remember me" checkbox on the login form from
90 to 30 days. This value is configurable via `SilverStripe\Security\RememberLoginHash::token_expiry_days`.
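
Review bot: The changelog entry names the property as `SilverStripe\Security\RememberLoginHash::token_expiry_days`, without the `$` and without the `api:` link that the security docs hunk uses (`RememberLoginHash::$token_expiry_days`); use the same form in both places. Because this shortens remembered logins for every site that has not set the value, the entry should also say how to keep the previous 90 days and whether tokens issued before the upgrade keep their original expiry.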

@ -60,7 +60,7 @@ class RememberLoginHash extends DataObject
* @config * @config
* @var int * @var int
*/ */
private static $token_expiry_days = 90; private static $token_expiry_days = 30;
/** /**
* Number of days the device ID will be valid for * Number of days the device ID will be valid for