Remember me

[FlxMgdnz]

Checklist

• I could not find a solution in the existing issues or docs.
• I agree to follow this project's Code of Conduct.

Description

Users should have the option of ending their session automatically when the browser is closed. Depending on the config, in the current implementation either the frontend SDK pulls the JWT from the x-auth-token header or the backend stores the JWT as cookie. In both cases, the session will be active as long as the JWT is valid.

Describe your ideal solution

As a new, optional feature, we can introduce a Remember me checkbox on the login page in Hanko Elements. When enabled, the user can control via the checkbox whether the session should remain valid for the duration of the JWT (old behavior) or whether the JWT should be stored as a session cookie and deleted when the browser is closed.

Proposed new backend config option:

session:
  enable_remember_me: true / false (Default: false)

Workarounds or alternatives

No response

Hanko Version

1.0.2

Additional Context

No response

[Mujhtech]

Hey @FlxMgdnz, I would love to work on this issue. Can you assign it to me?

[Mujhtech]

/assign

[oss-gg]

Assigned to @Mujhtech! Please open a draft PR linking this issue within 48h ⚠️ If we can't detect a PR from you linking this issue in 48h, you'll be unassigned automatically 🕹️ Excited to have you ship this 🚀

[FlxMgdnz]

Hey @Mujhtech I've added a bit more information to the issue description.

[FlxMgdnz]

fyi we've added 250 points to the issue

[Mujhtech]

@FlxMgdnz I have made few progress by adding enable_remember_me to session config

type Session struct {
	// ...other session config data
	// `enable_remember_me` determines whether remember me functionality should be enable in hanko element ui
	// which allows users to control the session duration whether the JWT should be store in session cookie and deleted
	// when browser is closed or not.
	EnableRememberMe bool `yaml:"enable_remember_me" json:"enable_remember_me,omitempty" koanf:"enable_remember_me" split_words:"true" jsonschema:"default=false"`
}

When the value is true, it add remember action to the login init state else suspend remember me action.

What do you think?

[Mujhtech]

Also, this is what I noticed: the current implementation is using js-cookie to store the token. By my testing, I experienced that if the tab is open while I close the browser, the cookie stays but if I close the tab before closing the browser, the cookie expires

[birajkashyap]

/assign

[oss-gg]

This issue is already assigned to another person. Please find more issues here.

[Piyush07p]

/assign

[oss-gg]

This issue is already assigned to another person. Please find more issues here.