Remember me cookie in authboss-sample has MaxAge=Session. Explanation.

[frederikhors]

Issue opened for the creation of a wiki page that summarizes the doubts and problems for newbies (#210).

Using authboss-sample to understand authboss I noticed something that is strange maybe just for me because I still do not understand how it works authboss's remember me module. Maybe.

When a "rm" cookie is created I found in browser two cookies:

• ab_blog and
• rm.

Both have "Expires / Max-Age" = "Session" which I think is until browser get closed (or at least should be).

Now I think authboss-sample is rightly an example and so we need to set appropriately our settings like:

...
cookieStore = abclientstate.NewCookieStorer(cookieStoreKey, nil)
cookieStore.HTTPOnly = true
cookieStore.Secure = true
cookieStore.MaxAge = 7776000 // 90 days for example

Am I right? Or am I still omitting - blatantly - something already written somewhere?

In the case - very easily - I'm wrong, how can a "remember" cookie last only until the browser is closed? Does this make sense?

[aarondl]

This was a bug in the authboss-clientstate library (introduction of the max age configuration made this bug) which has been fixed.