password_grace_period.rdoc

doc/password_grace_period.rdoc
Last Update: 2020-04-08 15:16:21 -0700

Documentation for Password Grace Period Feature

The password grace period feature keeps track of the last time the user entered their password in the session, and doesn't require they reenter their password for account modifications if they recently entered it correctly.

If you would like to provide extra security before certain routes, you can use the confirm password feature to require users to reenter their password if they haven't entered it recently:

rodauth.require_password_authentication

By default, this does not redirect if the session has been authenticated via password, but with the password_grace_period feature, it also redirects if the password has not been entered recently.

Auth Value Methods

last_password_entry_session_key

The session key in which to store the last password entry time.

password_grace_period

The number of seconds after a password entry until password reentry is required, 300 by default (5 minutes).

Auth Methods

password_recently_entered?

Whether the password has last been entered within the grace period.