Firebase RememberMe functionality

Question

My webapp allows different users to login in different tabs/browsers on the same machine with different credentials (using signInWithEmailAndPassword). I achieve this by calling firebase.initializeApp(config, 'appName'+new Date().getTime()) for each login

When the user closes the tab or reloads (in window.onbeforeunload) I call .auth().signOut() to log him out.

I now want to add a RemeberMe functionality to my app page, that is a tickbox that if (and only if) ticked, will allow following logins from the same machine and username without giving the password even if the machine was for example restarted in the meantime.

How can that be achieved ?

what I am thinking about is (when remember me is on) to generate a token on the client stored in a cookie and maintain a table on the db which links tokens to passwords, there are two problems with this, first of all the password is saved as is on the db which is bad and second the password needs to be sent back to the client which is also bad.

any better options ?

Answer 1

Starting with Firebase JS 4.2.0 you can now specify session persistence. You can login different users in multiple tabs by calling: firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION)

And when the window is closed, the session is cleared.

For more on this, check https://firebase.google.com/support/release-notes/js#4.2.0 and https://firebase.google.com/docs/auth/web/auth-state-persistence

Answer 2

Just add a rememberMe checkbox to your login form with a reference variable(for an exmaple remember) and use firebase setPersistence like this,

firebase.auth().setPersistence(this.remember.checked ? fireauth.Auth.Persistence.LOCAL : fireauth.Auth.Persistence.SESSION)

(here I have used javaScript for the example)