The Persistent Login module provides the familiar "Remember Me" option in the user login form. Additional security is provided by using two tokens (one long-running, one per-access) that allow the detection of unauthorized token use.

Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime. For a detailed discussion of the design and security of Persistent Login, see Improved Persistent Login Cookie Best Practice.


  • Control how long user logins are remembered, before a user will have to enter their credentials again.
  • Control how many different persistent logins are remembered per user.
  • Control which pages a remembered user can or cannot access without explicitly logging in with a username and password (e.g. you cannot edit your account or change your password with just a persistent login).
  • A user can clear all of his/her remembered logins via their account page.

Known Issues

Active Maintainers

GitHub Mirror


Project Information