This project is not covered by Drupal’s security advisory policy.
If you want to use this module, your options are:
- Choose another, actively maintained module instead
- File an issue in the queue with a patch to fix the module and then contact the security team to have your version reviewed and the project handed over to you following the unsupported project process.
- Hire someone to fix the security bug so the module can be re-published (see this guide on how to hire a Drupal site developer)
Fostering a relationship of trust with your visitors is essential when you aim to collect personal information and provide a service with which they feel secure. With this familiar little feature added to your installation, you show that you make every effort to address your users' security concerns and put them at ease. It shows that you go the extra mile to give them peace of mind, so they can access your site with confidence from anywhere in the world, knowing that you have taken every precaution to ensure their identity is safe.
Did you know that the default Drupal behaviour is to remember your session for 3 weeks and 2 days? This means that if a user abandons a workstation, closes the browser window, experiences a power failure or otherwise fails to log out, their session stays active on the server. When they, or anyone else for that matter, later return to your site using the same browser within the session cookie lifetime, they will automatically be logged in without being prompted for authentication credentials. Can you imagine the colossal risk this places on users accessing your service from public terminals or shared workstations, with no means at their disposal of securing themselves against this threat?
If this concerns you, as it does me and many others, you will also want a means to manage session lifetime. If you are looking for a way to configure quicker session expiry, or want to give your users the choice not to be remembered at all, then you need search no more. Download the latest supported release for D5.x or D6.x now. Extract the tarball archive into your modules directory and enable the module via the modules page (Administer => Site building => Modules from the menu). This adds a "Remember me" checkbox below the password field on each and every login form, immediately improving security and gaining added confidence from visitors who are well accustomed to this feature from other online facilities.
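Where the 3 weeks and 2 days comes from, shown as an added `settings.php` fragment; this is not the module's code. It assumes the stock Drupal 5.x/6.x `settings.php` values, and the shortened values are constructed for illustration. Unlike the per-login checkbox, these settings apply to every user of the site.

```php
<?php
// Fragment for sites/default/settings.php (Drupal 5.x / 6.x).
// Added illustration, not part of the Remember me module.

// Stock value: 2,000,000 seconds, roughly 23 days (3 weeks and 2 days).
// The browser stores the session cookie for that long, so it survives a
// closed window, a reboot or a power failure on a shared workstation.
// ini_set('session.cookie_lifetime', 2000000);

// Shorter-lived alternative: 0 makes it a browser-session cookie that is
// discarded when the browser exits, so nobody is "remembered".
ini_set('session.cookie_lifetime', 0);

// Server side: idle time in seconds after which PHP's session garbage
// collection may delete the session row. The stock value is 200000 (a little
// over two days); 3600 here is a constructed example value.
ini_set('session.gc_maxlifetime', 3600);
```

Garbage collection runs probabilistically, so `session.gc_maxlifetime` is a lower bound on when an idle session disappears rather than an exact timeout.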
My promise to you:
Enabling this feature for your users will gain confidence in your site; similarly, I want you to be confident in this product. Sessions are a crucial part of a web application and one of the most difficult to debug when things go wrong. The core focus of this project is to leave the smallest footprint on the normal Drupal behaviour while enabling this frequently requested use case in the simplest way possible. This module would love to hang around idle, doing nothing all day, at its happiest with all settings reset and left in their default state. This way you can rest assured that it's business as usual and the only change will be a "Remember me" checkbox added to login forms. Nothing else, nada, Drupal just the way we know and love it...
I will also commit, where time allows, to follow the issue queue and find solutions for bugs, fixes for incompatibilities and consider new features in the scope of this project. You are welcome to leave your comments, remarks, rants, raves and praises but please be patient... all good things will come.
- Maintenance status: Actively maintained
- Development status: Maintenance fixes only
- Module categories: User Access & Authentication
- Reported installs: 7,382 sites currently report using this module.
- Downloads: 65,435
- Last modified: March 1, 2017
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.