Bug #22049
openAuthentication token expires too early, especially considering 2FA issues
0%
Description
Especially in light of https://redmine.gc.cuny.edu/issues/18032, the authentication token expires too early. Can we extend it?
Updated by Raymond Hoh 12 days ago
When you login, check the "Remember Me" box and that should allow you to keep your login session open for two weeks instead of two days or when you close your browser. Is two weeks a suitable amount of time?
Updated by Raffi Khatchadourian 11 days ago
Raymond Hoh wrote in #note-2:
When you login, check the "Remember Me" box and that should allow you to keep your login session open for two weeks instead of two days or when you close your browser. Is two weeks a suitable amount of time?
I typically do not check this box only because my browser fills in the login information and submits it before I have a chance to. If I can remember, I'll tick that box first and then let the browser do the autofill, but it's rare. Is there anyway this box can be ticked by default? That way, if the browser does the autofill, that will be checked by default.
Two weeks is a bit short. Could it be four weeks?
Updated by Boone Gorges 11 days ago
Both of these behaviors (two-week auth cookies and opt-in "remember me") are default WP settings, and are designed to default to more conservative settings. I'll discuss with the team, but absent widespread community requests, I don't think it's something we'd change in the near term.