$Id: README.txt,v 1.3.2.1 2006-12-18 18:08:29 bjaspan Exp $ Persistent Login module PREREQUISITES Drupal 4.7 or 5.0 (be sure to use the correct version) OVERVIEW The Persistent Login module provides the familiar "Remember Me" option in the user login form. INSTALLATION 1. Install and activate Persistent Login like every other Drupal module. 2. For maximum security, edit your settings.php file so PHP session cookies have a lifetime of the browser session: ini_set('session.cookie_lifetime', 0); 3. Visit admin >> settings >> persistent_login to set how long persistent sessions should last and which pages users cannot access without a password-based login. UPGRADING Because Persistent Login interacts with the user login process, some caution is required when upgrading it to a new version. 1. Log in as Administrator. 2. Visit administer >> settings and open the Site Maintenance box. Select "Off-line" and press Save configuration. This is so users do not receive any error messages before the upgrade is complete. 3. Install the new Persistent Login module files. 4. Visit http://yoursite/update.php to update the Persistent Login database schema if necessary (you should do this every time you upgrade any module). 5. Return to administer >> settings >> Site Maintenance and put your site back online. NOTE: If update.php shows a version update for Persistent Login, all currently remembered login sessions for all users may be lost. Everyone will have to log in again with their username and password. DESCRIPTION The Persistent Login module provides the familiar "Remember Me" option in the user login form. The module's settings allow the administrator to: - Control how long user logins are remembered. - Control which pages a remembered user can or cannot access without explicitly logging in with a username and password (e.g. you cannot edit your account or change your password with just a persistent login). Each user's 'my account' view tab gives them option of explicitly clearing all of his/her remembered logins. Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime. For a detailed discussion of the design and security of Persistent Login, see "Improved Persistent Login Cookie Best Practice" . TO DO - Define 'allow persistent login' permission so some roles can be prevented from using it. - Allow modules to specify paths that require a full login. A normal hook won't work for this because not all modules are loaded during hook_init when Persistent Login makes this decision. AUTHOR Barry Jaspan firstname at lastname dot org