Session Management
Login and Admin UI Remember Me
This is a follow up about https://github.com/SignalK/signalk-server/pull/1670 and the login infinite look it creates in KIP
I assumed the Admin UI worked like most sites: check the box and it log's you in automatically. You still need to get a token and it expires but it will renew automatically in the background for you. In any case, thats not really the issue since it's a login feature of the Admin UI, right?
I think the "Remember Me timeout" should only affect the Admin UI and not the login API response token TTL. In my view they are two separate things.
Because they are tied and v2.6 changes "Remember Me timeout=NEVER" as the default (see thread from Jess on this) it has more impact and will create support questions, at least for Kip.
NEVER was not listed and an option before in the "Remember me" (still not in v2.6). It only used to apply to Device Tokens. At least from a UI perspective (see image).
In short, I think the Admin UI "Remember Me timeout" and how the login API generates User Session token expiration should be two separate settings. Else the Admin IU's "Remember Me timeout" settings also affect all other apps using the login API, be it from a local or a remote call. Makes sense?
This is a follow up about https://github.com/SignalK/signalk-server/pull/1670 and the login infinite look it creates in KIP
I assumed the Admin UI worked like most sites: check the box and it log's you in automatically. You still need to get a token and it expires but it will renew automatically in the background for you. In any case, thats not really the issue since it's a login feature of the Admin UI, right?
I think the "Remember Me timeout" should only affect the Admin UI and not the login API response token TTL. In my view they are two separate things.
Because they are tied and v2.6 changes "Remember Me timeout=NEVER" as the default (see thread from Jess on this) it has more impact and will create support questions, at least for Kip.
NEVER was not listed and an option before in the "Remember me" (still not in v2.6). It only used to apply to Device Tokens. At least from a UI perspective (see image).
In short, I think the Admin UI "Remember Me timeout" and how the login API generates User Session token expiration should be two separate settings. Else the Admin IU's "Remember Me timeout" settings also affect all other apps using the login API, be it from a local or a remote call. Makes sense?
