I'm trying to find a way to let my users stay connected during browser restarts similar to a way they can stay logged into a webservice. Currently, a user has to enter their id/password each time they visit the website with my chat, even if they are on a trusted machine. Is there a way to achieve this?
Kind regards,
Daniel
Related to #1119
I can think of roughly two ways to do this.
Store the XMPP password in the browser. Either plaintext (not really secure) or when SCRAM is used as a hash.
Use cookies with a modified mod_auth_http_cookie that doesn't check the cookie against an external service.
Neither solution has an implementation in Converse currently. Any help with this would be appreciated.
Thank you for the information.
An example of the first approach mentioned by @jcbrand without encryption can be found here: https://github.com/alexmat/converse-autologin-example
Looks like this might be a good library for implementing SCRAM using js: https://github.com/linuxwolf/sazzle
@alexmat: Strophe.js (which Converse uses) already does SCRAM-SHA1 login.
https://github.com/strophe/strophejs/blob/master/src/core.js#L3344
I think just storing the password and having the checkbox explicitly say "Store password in browser to automatically login in the future" would be enough due diligence.
Thanks for the inspiration @alexmat. I created a new "autologin" plugin that re-uses Converse's existing login form: https://gist.github.com/laszlovl/1df9ccfbd78bc07d19760ccdcd2ddef0
The plugin works very well for me. Thank you
Could you please reopen, I'd like to have this as a built-in feature without the need for a plugin.
Most helpful comment
Thanks for the inspiration @alexmat. I created a new "autologin" plugin that re-uses Converse's existing login form: https://gist.github.com/laszlovl/1df9ccfbd78bc07d19760ccdcd2ddef0