Extend remember token validity on login

- Added extend_remember_token() function to renew token expiration - Modified login route to extend existing valid remember tokens instead of creating new ones - Users who login with remember me checked get their token validity extended to 30 days from login - Improves UX by keeping users logged in longer if they actively use the service

Extend remember token validity on login
- Added extend_remember_token() function to renew token expiration - Modified login route to extend existing valid remember tokens instead of creating new ones - Users who login with remember me checked get their token validity extended to 30 days from login - Improves UX by keeping users logged in longer if they actively use the service
90d3ef94 · Stefy Lanza (nextime / spora ) · 96c7422a · 90d3ef94 · 90d3ef94
Commit 90d3ef94 authored Oct 06, 2025 by Stefy Lanza (nextime / spora )
Show whitespace changes
Inline Side-by-side

Showing with 32 additions and 2 deletions

database.py vidai/database.py +15 -0

web.py vidai/web.py +17 -2

No files found.
--- a/vidai/database.py
+++ b/vidai/database.py
@@ -1328,6 +1328,21 @@ def delete_remember_token(token: str) -> None:
    conn.close()


+def extend_remember_token(token: str) -> bool:
+    """Extend a remember token's expiration to 30 days from now."""
+    import time
+
+    new_expires_at = int(time.time()) + (30 * 24 * 60 * 60)  # 30 days
+
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    cursor.execute('UPDATE remember_tokens SET expires_at = ? WHERE token = ?', (new_expires_at, token))
+    conn.commit()
+    success = cursor.rowcount > 0
+    conn.close()
+    return success
+
+
 def delete_expired_remember_tokens() -> None:
    """Delete expired remember tokens."""
    import time

--- a/vidai/web.py
+++ b/vidai/web.py
@@ -28,7 +28,7 @@ import argparse
 from .comm import SocketCommunicator, Message
 from .config import get_all_settings, get_allow_registration
 from .auth import login_user, logout_user, get_current_user, register_user, confirm_email, require_auth, require_admin
-from .database import get_user_tokens, update_user_tokens, get_user_queue_items, get_default_user_tokens, create_remember_token, validate_remember_token, delete_remember_token
+from .database import get_user_tokens, update_user_tokens, get_user_queue_items, get_default_user_tokens, create_remember_token, validate_remember_token, delete_remember_token, extend_remember_token

 app = Flask(__name__, template_folder=os.path.join(os.path.dirname(__file__), '..', 'templates'))
 app.secret_key = os.environ.get('FLASK_SECRET_KEY', 'dev-secret-key-change-in-production')
@@ -162,7 +162,22 @@ def login():
            if remember:
                user = get_current_user(session_id)
                if user:
+                    # Check if user already has a valid remember token
+                    existing_token = request.cookies.get('remember_token')
+                    if existing_token:
+                        # Try to extend existing token if it's valid for this user
+                        token_user = validate_remember_token(existing_token)
+                        if token_user and token_user['id'] == user['id']:
+                            # Extend the existing token
+                            extend_remember_token(existing_token)
+                            remember_token = existing_token
+                        else:
+                            # Create new token if existing is invalid or for different user
+                            remember_token = create_remember_token(user['id'])
+                    else:
+                        # Create new token
                        remember_token = create_remember_token(user['id'])
+
                    response = make_response(redirect(url_for('dashboard')))
                    response.set_cookie('remember_token', remember_token, max_age=30*24*60*60, httponly=True, secure=False)  # secure=True in production with HTTPS
                    return response