My webapp allows different users to login in different tabs/browsers on the same machine with different credentials (using signInWithEmailAndPassword). I achieve this by calling firebase.initializeApp(config, 'appName'+new Date().getTime()) for each login

When the user closes the tab or reloads (in window.onbeforeunload) I call .auth().signOut() to log him out.

I now want to add a RemeberMe functionality to my app page, that is a tickbox that if (and only if) ticked, will allow following logins from the same machine and username without giving the password even if the machine was for example restarted in the meantime.

How can that be achieved ?

what I am thinking about is (when remember me is on) to generate a token on the client stored in a cookie and maintain a table on the db which links tokens to passwords, there are two problems with this, first of all the password is saved as is on the db which is bad and second the password needs to be sent back to the client which is also bad.

any better options ?

My webapp allows different users to login in different tabs/browsers on the same machine with different credentials (using signInWithEmailAndPassword). I achieve this by calling firebase.initializeApp(config, 'appName'+new Date().getTime()) for each login

When the user closes the tab or reloads (in window.onbeforeunload) I call .auth().signOut() to log him out.

I now want to add a RemeberMe functionality to my app page, that is a tickbox that if (and only if) ticked, will allow following logins from the same machine and username without giving the password even if the machine was for example restarted in the meantime.

How can that be achieved ?

what I am thinking about is (when remember me is on) to generate a token on the client stored in a cookie and maintain a table on the db which links tokens to passwords, there are two problems with this, first of all the password is saved as is on the db which is bad and second the password needs to be sent back to the client which is also bad.

any better options ?

• javascript
• firebase
• firebase-authentication

• Remembering is the default behaviour. Did you want to disable it? If you listen to onAuthStateChanged you should see automatic re-authentication (i.e. remembering). – cartant Commented Jan 16, 2017 at 7:02
• forgot to mention I am calling .auth().signOut() on page reload (updated question). Perhaps all I need is for the tick box to not call signout if it is ticked ? I want the user to determine if he wants the session to persist on the machine with the default being no. – kofifus Commented Jan 16, 2017 at 7:09
• Yep, that would do it and listen to onAuthStateChanged to decide whether the sign in is short circuited. – cartant Commented Jan 16, 2017 at 7:14
• sorry me question was misleading, I have now expanded it, can you please look again ? the point is rememberme needs to work even if the user for example restarted his machine (and the box was ticked on the last login) – kofifus Commented Jan 16, 2017 at 7:25
• That sounds trickier. I guess you have to implement it yourself. You'll have to store the credentials, too - so that you can call signInWithEmailAndPassword - and that sounds unsafe. – cartant Commented Jan 16, 2017 at 8:01

2 Answers 2

Starting with Firebase JS 4.2.0 you can now specify session persistence. You can login different users in multiple tabs by calling: firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION)

And when the window is closed, the session is cleared.

For more on this, check https://firebase.google.com/support/release-notes/js#4.2.0 and https://firebase.google.com/docs/auth/web/auth-state-persistence

Just add a rememberMe checkbox to your login form with a reference variable(for an exmaple remember) and use firebase setPersistence like this,

firebase.auth().setPersistence(this.remember.checked ? fireauth.Auth.Persistence.LOCAL : fireauth.Auth.Persistence.SESSION)

(here I have used javaScript for the example)