Add ability to require a "login refresh" in a controller method #40

Open
rdiaztushman opened this issue May 11, 2014 · 7 comments

@rdiaztushman
Member

Something like $this->requireIdentityRefresh()
which would force a user to log in again and redirect back to the requested page.

You'd use something like this before granting access to account-management pages, the same way GitHub requires you to refresh your login each time you enter your Account Settings pages.

@ChrisFrench
Member

Good idea, but we might want to expand on it, similar to how Mandrill does it:
requiring login to see your dashboard, but requiring it again to access
billing and API pages. The difference is those pages are forced SSL and have
much shorter session lifetimes.

@polakluk
Member

Chris, I think that would be achievable by what Raf's proposing. You would just set up a redirect in the session and call this method from your controller any time you would require the user to re-enter their creds. Or am I missing something?

@ChrisFrench
Member

Sort of. I just meant that Mandrill has a basic session and a more secure
session, and switching requires just a password.

@rdiaztushman
Member Author

What you're describing would be achievable with this.

@polakluk
Member

ah, gotcha

@rdiaztushman
Member Author

The only thing Mandrill does is check how old your session is. If you log in and then immediately go to Billing, they don't ask you to log in again. That's exactly what I'm proposing here.

The function would look something like this:
$this->requireIdentityRefresh(15);
and that would require you to log in again if you last logged in more than 15 minutes ago.

For more sensitive pages, you could do:
$this->requireIdentityRefresh(5);
which would require you to log in again if you last logged in more than 5 minutes ago.
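
A sketch of the age check proposed in the comment above, added here as an illustration; it is not code from the thread or from the project. It assumes the login handler records the time of the last password verification in the session; the session keys, the /login URL and the helper names are hypothetical, and only the name requireIdentityRefresh() comes from the issue.

```php
<?php
// Added illustration, not the project's code. Session keys, the /login URL and
// every function except the proposed requireIdentityRefresh() name are assumptions.
const LAST_AUTH_KEY = 'auth.last_login_at'; // time() of the last password check
const RETURN_TO_KEY = 'auth.return_to';

/** True when the last password verification is older than $maxAgeMinutes. */
function identityIsStale(array $session, int $maxAgeMinutes, int $now): bool
{
    $last = $session[LAST_AUTH_KEY] ?? null;
    // Missing, malformed or future timestamps fail closed.
    if (!is_int($last) || $last > $now) {
        return true;
    }
    return ($now - $last) > $maxAgeMinutes * 60;
}

/** Accept only a same-site relative path as the post-login destination. */
function safeReturnPath(string $requested, string $fallback = '/'): string
{
    // One leading slash, then no backslashes or control characters; this rejects
    // absolute URLs and "//host" or "/\host" forms that browsers treat as off-site.
    return preg_match('#^/(?![/\\\\])[^\x00-\x1f\\\\]*\z#', $requested) === 1
        ? $requested
        : $fallback;
}

/** Returns null when the request may proceed, else the URL to redirect to. */
function requireIdentityRefresh(array &$session, int $maxAgeMinutes, string $requestedPath, ?int $now = null): ?string
{
    if (!identityIsStale($session, $maxAgeMinutes, $now ?? time())) {
        return null;
    }
    $session[RETURN_TO_KEY] = safeReturnPath($requestedPath);
    return '/login?refresh=1';
}

/** Call only after the password has been verified; returns where to send the user. */
function completeIdentityRefresh(array &$session, ?int $now = null): string
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session ID after re-authentication
    }
    $session[LAST_AUTH_KEY] = $now ?? time();
    $returnTo = $session[RETURN_TO_KEY] ?? '/';
    unset($session[RETURN_TO_KEY]);
    return $returnTo;
}
```

A controller would pass $_SESSION, the allowed age in minutes and the requested path, and issue the redirect whenever the return value is not null.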

@ChrisFrench
Member

Cool. This will for sure be useful.

