Fix for bug 90468: Bugzilla does not log out automatically when closing

Bugzilla/Auth/CGI.pm

@@ -72,17 +72,32 @@ sub login {
                  $userid, $ipaddr);
         my $logincookie = $dbh->selectrow_array("SELECT LAST_INSERT_ID()");
 
-        $cgi->send_cookie(-name => 'Bugzilla_login',
-                          -value => $userid,
-                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
-        $cgi->send_cookie(-name => 'Bugzilla_logincookie',
-                          -value => $logincookie,
-                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
+        # Remember cookie only if admin has told so
+        # or admin didn't forbid it and user told to remember.
+        if ((Param('rememberlogin') eq 'on') ||
+            ((Param('rememberlogin') ne 'off') &&
+             ($cgi->param('Bugzilla_remember') eq 'on'))) {
+            $cgi->send_cookie(-name => 'Bugzilla_login',
+                              -value => $userid,
+                              -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
+            $cgi->send_cookie(-name => 'Bugzilla_logincookie',
+                              -value => $logincookie,
+                              -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
+
+        }
+        else {
+            $cgi->send_cookie(-name => 'Bugzilla_login',
+                              -value => $userid);
+            $cgi->send_cookie(-name => 'Bugzilla_logincookie',
+                              -value => $logincookie);
+
+        }
 
         # compat code. The cookie value is used for logouts, and that
         # isn't generic yet.
         $::COOKIE{'Bugzilla_logincookie'} = $logincookie;
-    } elsif ($authres == AUTH_NODATA) {
+    }
+    elsif ($authres == AUTH_NODATA) {
         # No data from the form, so try to login via cookies
         $username = $cgi->cookie("Bugzilla_login");
         $passwd = $cgi->cookie("Bugzilla_logincookie");

defparams.pl

@@ -456,6 +456,24 @@ sub find_languages {
   },
 
   {
+   name => 'rememberlogin',
+   desc => 'Controls management of session cookies
+           <ul>
+           <li>on - Session cookies never expire (the user has to login only
+           once per browser).</li>
+           <li>off - Session cookies last until the users session ends (the user
+             will have to login in each new browser session).</li>
+           <li>defaulton/defaultoff - Default behavior as described
+           above, but user can choose whether bugzilla will remember his
+           login or not.</li>
+           </ul>',
+   type => 's',
+   choices => ['on', 'defaulton', 'defaultoff', 'off'],
+   default => 'on',
+   checker => \&check_multi
+  },
+
+  {
    name => 'mostfreqthreshold',
    desc => 'The minimum number of duplicates a bug needs to show up on the ' .
            '<a href="duplicates.cgi">most frequently reported bugs page</a>. ' .

template/en/default/account/auth/login.html.tmpl

@@ -17,6 +17,7 @@
   # Rights Reserved.
   #
   # Contributor(s): Gervase Markham <gerv@gerv.net>
+  #                 Toms Baugis <toms@myrealbox.com>
   #%]
 
 [%# INTERFACE:
@@ -53,6 +54,20 @@
       <td>
         <input type="password" size="35" name="Bugzilla_password">
       </td>
+    </tr>
+
+    [% IF Param('rememberlogin') == 'defaulton' || 
+          Param('rememberlogin') == 'defaultoff' %]
+      <tr>
+        <td>&nbsp;</td>
+        <td>
+          <input type="checkbox" name="Bugzilla_remember" value="on"
+                 [% "checked" IF Param('rememberlogin') == "defaulton" %]>
+          Remember my Login
+        </td>
+      </tr>
+    [% END %]
+
     [% IF Param('loginnetmask') < 32 %]
       <tr>
         <td align="right">