FEU trusted Devices

[MantaPro]

Hi I have a website where the front end has numerous members only pages, simply achieved using the excellent FEU module and the pages set to have a content type of protected content, with login and logout screens etc all works perfectly.

The website provides the members with a very specific function (voting on resolutions) - one which means that they only need to use the website a couple of times per year (which is perfectly fine) - and the userbase spans the full range from technophobes; average-joe and (non developer) tech-power-users. (please forgive my type casting but it important context).

So while some users may be using some form of credential-manager built in to their browsers or antivirus; others probably aren't

I heard some interesting feedback recently - basically criticism that because it is used 1/year (and they are failing to use their browsers built in credential/password manager) they are unsure what username to use (email doh !!) and they've forgotten their password.

The specific criticism was it is not as easy to use as Facebook / Instagram.

I have made one small step to spoon feed their ease of use - all newletters / email with embedded links now include the username as a URL param and the loginform grabs that from $smarty.request

An option considerd and rejected was the single-signin option described on CMSCanBeSimple where the password is hidden in the login form and pre-set to a shared default password - rejected because (given members know each others email addresses then they could hack each others votes).

thinking about Facebook / Instagram - whilst they are secured via an ID + password + optionally TFA/Bio etc; they make themselves easy and instant to access via the "recognised device" idea - now Facebook needs quite sophisticated multi device multi browser recognition.

My question is can anyone suggest a way of achieving a far simpler (and good enough) solution for what I'd like to do - when they login they can tick a box to say "trust this device"; if ticked I store that decision in a cookie (so far easy - know how to do all this) - the tricky thing I suspect may be impossible is getting FEU to allow / recognise an infinitely long session ?

Am I overlooking something or is this impossible (and yes I know if they'd simply use there browsers password manager then issue solved but users will be users LOL)

thanks in advance

[velden]

Looking at the code of FEU3 - which for the record is not a version that's recommended to use - there are some notes and parameters which prepare the module for so called 'longterm' cookies.

However:
- I don't quickly find whether it's already possible to actually configure it (don't see anywhere the new parameter being set)
- The hard-coded expiry time for longterm is 90 days
- The developer of FEU hasn't been updating his modules for quite some time now

[MantaPro]

Great thanks Velden for the info and confirmation