Launchpad itself

need persistent logins

Bug #676 reported by Daniel Stone
10
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Medium
Stuart Bishop

Bug Description

Launchpad login cookies should be persistent.

That just about sums it all up, really. I have no idea of the number of websites I'm logged in to (Launchpad, theage.com.au, slashdot.org, bbc.co.uk, livejournal.com, lwn.net), and I'd love it if, like all the others -- and the ones that I can't think of right now, but will know about if I clear my cookies -- Launchpad's logins were persistent. Even if only for some period of time, longer than 'your session'.

See original description
Revision history for this message
Stuart Bishop (stub) wrote :

If we do this (+1 for me - I prefer things this way), we need to ensure session information persists between server restarts. I suspect I should see writing a session storage plugin to store data in the RDMBS rather than in ZODB.

Christian Reis (kiko)
summary: - That just about sums it all up, really
+ Launchpad login cookies should be persistent.
Revision history for this message
Sebastien Bacher (seb128) wrote :

I agree, this bug is really annoying when you restart your web browser quite often and do bug triage.

Revision history for this message
Christian Reis (kiko) wrote :

I have a tentative fix for this up for review. One question is, however, how long should we set the cookie for. Opinions?

Revision history for this message
Stuart Bishop (stub) wrote :

<opinion>
Assuming this is optional (a tick box on the login page, so people using untrusted machines don't get their credentials cached), 3 months to infinite. I don't think it will be uncommon for some people to not use launchpad for several months at a stretch.
</opinion>

Revision history for this message
Stuart Bishop (stub) wrote :

I'm pretty certain this involves persistent session storage on the server too (currently, session information is stored in RAM and thrown away after a few hours of inactivity).

Revision history for this message
Christian Reis (kiko) wrote :

Oh. Why is the session information thrown away? I thought this only happened when the server bounced; I've never been knowingly logged out by Launchpad without closing my browser (AFAICR).

Yes, we could add a "remember me" checkbox in the login page.

Revision history for this message
Dafydd Harries (daf) wrote :

Rather than a "Remember me" checkbox, we could make it so that peristent logins are the default and an option called "Shared computer" or "Public computer" turns it off. I've seen a few sites take this approach.

I don't see any advantage to using a RDBMS rather than the ZODB, though.

Dafydd Harries (daf)
Changed in launchpad:
status: New → Accepted
Revision history for this message
Steve Alexander (stevea) wrote :

Persistent rdb sessions are landing soon. After that, we'll be able to make login sessions last longer.

Stuart Bishop (stub)
Changed in launchpad:
assignee: nobody → stub
Stuart Bishop (stub)
Changed in launchpad:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.