nebular icon indicating copy to clipboard operation
nebular copied to clipboard

Published 20 hours ago verified publisher icon akveo

rememberMe unused in NbAuthService

Open gael-ft opened this issue 7 years ago • 9 comments

Hi Akveo,

I see that when using NbAuthService for login: authService.authenticate('provider', 'data)...

The rememberMe checkbox (from your NbLoginComponent) is never checked before saving the token into TokenService https://github.com/akveo/nebular/blob/893d56adfe56a0d4f6e8fe9b9591a20e3bafade4/src/framework/auth/services/auth.service.ts#L134

Result: token is always saved (even if checkbox not checked). So when I close my browser and visit again, I'm still logged (token is still here because I did not logout).

Is this normal behavior ?

gael-ft avatar Dec 27 '17 18:12 gael-ft

Hi @gael-ft, as for now we cound't decide where and how this logic should be implemented. Currently, the rememberMe flag is passed to your backend API alongside with login and password, so that for instance you can set an expiration date for the token (in case you use JWT). Otherwise, as far as I can tell we have to use cookies to implement the "remove token when the browser is closed" logic, which is not the way we would like to go on this, as cookie storage has enough of disadvantages.

I'm leaving this issue opened in case someone has a better idea on this.

nnixaa avatar Jan 16 '18 08:01 nnixaa

Hi @nnixaa, i imagined it that way. If rememberMe is not selected then the token is recorded in sessionStorage, respectively, if selected then recorded in the localStorage.

dedpnd avatar May 23 '18 13:05 dedpnd

@gael-ft this is a good point, though this would introduce a conditional switching between storages. Have to think about it.

nnixaa avatar May 30 '18 10:05 nnixaa

@nnixaa

  /**
   * Sets the user credentials.
   * The credentials may be persisted across sessions by setting the `remember` parameter to true.
   * Otherwise, the credentials are only persisted for the current session.
   * @param {Credentials=} credentials The user credentials.
   * @param {boolean=} remember True to remember credentials across sessions.
   */
  private setCredentials(credentials?: Credentials, remember?: boolean) {
    this._credentials = credentials || null;

    if (credentials) {
      const storage = remember ? localStorage : sessionStorage;
      storage.setItem(credentialsKey, JSON.stringify(credentials));
    } else {
      sessionStorage.removeItem(credentialsKey);
      localStorage.removeItem(credentialsKey);
    }
  }

ThrownLemon avatar Sep 26 '18 01:09 ThrownLemon

How does the remember me is working and how it will work if there is a method for saving the token in localStorage or sessionStorage?

Remember me also display even after setting

    rememberMe: false,   // whether to show or not the `rememberMe` checkbox

It must be hidden if we set the value false.

prashantidealittechno avatar Dec 10 '18 13:12 prashantidealittechno

This issue has been inactive for more than a year, but hasn't been solved. I would like to see @ThrownLemon's solution implemented, or else it probably should be documented somewhere that this checkbox does nothing.

StefanNienhuis avatar Mar 18 '20 20:03 StefanNienhuis

Any update? how to store token in session instead of localstorage when "remember me" is unchecked? @nnixaa @ThrownLemon @yggg @prashantidealittechno @dedpnd

gentakme avatar Jun 02 '22 17:06 gentakme

Is there any update to this issue?

worawut-w avatar Mar 28 '23 01:03 worawut-w

We still have this issue, any updates?

danhanDEV1 avatar Aug 01 '23 14:08 danhanDEV1