Core: "Remember Me" style checkbox at login.

For the record, remembering the login for 2 weeks is currently the default behaviour (unless you explicitly log out).

For security reasons I wouldn't allow permanent login, as I also think the session is extended once you login again within that twee week period?

Ah, I'll do some double checking. It seemed that each time I completely closed my browser I would be required to login again to the two flarum installs I have going right now. This feature was a request of the forum users (on both forums which are separate groups of people too) Probably used to that type of convenience feature which almost everything has these days. It could be a configured option maybe so more "security" focused forums wouldn't have to enable it.

Ah, I just tested it. I was logged in to my forum and had posted something recently. I closed my browser and when I opened it again I wasn't logged in anymore.

So I logged in, then closed the browser, opened it again, and I was still logged in. Tested that a few times and it was consistent.

So the 2 weeks is from your last actual login opposed to last use of the forum?

Yep, 2 weeks from your last login, not the last visit.

That's actually a bug in my eyes. If that changes, though, it's probably worth adding the checkbox, as you suggested. :+1:

I agree that it should be 2 weeks from last visit. It seems fair that if you haven't visited in 2 weeks you need to re-login. Of course, I'm still also in favor of an optional remember me checkbox that could also be configured (enabled, not enabled, not allowed for admins, etc) in the flarum config at some point.

@franzliedke That's actually a bug in my eyes.

Yep, it's a bug, and I've fixed it in code I'll push later today :D

@franzliedke will be so happy to be able to see again @tobscure , no bug in his eye anymore.. ;)

Thanks guys!

This is fixed in dev-master (remembering for 2 weeks from the last visit)

Thanks @tobscure

I'd like to reopen this issue for further discussion of the possibility suggested by @bwmarrin ...

Of course, I'm still also in favor of an optional remember me checkbox that could also be configured (enabled, not enabled, not allowed for admins, etc) in the flarum config at some point.

... particularly with regard to the security considerations mentioned in this thread. The idea would be to allow the current behavior (creation of a cookie that won't expire for two weeks) only if the user put a checkmark in the box. Users who prefer that the cookie be deleted at the end of the session could then simply avoid putting a checkmark there at login. Some configurability might be useful, but the checkbox itself seems like a good thing to have from the security perspective.

Agreed.