How to implement one time login?

With accounts-* package, the login will be maintained for default 90 days. the token will be cached to localstorage and the next time user open the browser, it will login automatically again.

but for some app, this is not right and secure. for example, for an admin app, user need to perform a one-time login, and keep the token in memory to make it safe for it will be remove on closing of browser.

So how would you implement one-time login?

see this issue

You can configure how long it stays valid in the accounts settings.

Try this:

After you login, remove the login data from storage:

Meteor.loginWithPassword(user, () => {
  Accounts._autoLoginEnabled = false;

If using latest package (1.3+), you should be able to just:

Meteor.loginWithPassword(user, () => {
  Accounts._autoLoginEnabled = false;

This does work, awsome! it really should be made a config option of Accounts.

1 Like

Nice find @reoh ! It will need some maintenance to make sure it stays working in new releases because it changes some core variables.

Isn’t this setting sufficient for you: loginExpirationInDays

Not sure what happens if you turn it to 0 (zero). You might want to test that. I think it sets this variable:

And that one gets multiplied but it seems to not accept zero:

Have to check deeper and test though before you trust that behavior. This might otherwise be a good place to fix what you want.

It seems that every 10 minutes the tokens are checked to be removed:

Might be interesting to look into this a bit further to see if you can use the official api. You don’t need to remove the token after all, you need the token to become invalid.

1 Like

Before this post, I have already tested setting it to 0, but sadly, when I reopened the browser, it was logged in.

Would you mind to tell me that how can we change the var EXPIRE_TOKENS_INTERVAL_MS in accounts-base.js?

Yes, I found that too. The tokens will be cleaned at all, so it seems that it will log out in every 10 minutes

Hey, you might be interested in the accounts extension that I published.