The Persistent Login module provides a "Remember Me" option on the user login form. Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime.
The 7.x version provides additional security by attempting to detect unauthorized re-use of tokens. For a detailed discussion of the design and security of Persistent Login, see Improved Persistent Login Cookie Best Practice.
- Control how long user logins are remembered, before a user will have to enter their credentials again.
- Control how many different persistent logins are remembered per user.
- Control which pages a remembered user can or cannot access without explicitly logging in with a username and password (e.g. you cannot edit your account or change your password with just a persistent login). (7.x only)
- A user can clear all of his/her remembered logins via their account page. (7.x)
- : If a user opens several pages of a website simultaneously, the first request will invalidate the token and may cause the subsequent requests to trigger the security alert.
- : OpenID logins don't provide the information required for Persistent Login to set tokens for the user.
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: Security, User Access & Authentication
- Reported installs: 3,003 sites currently report using this module. View usage statistics.
- Downloads: 68,470
- Automated tests: Enabled
- Last modified: 20 March 2017
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.