implemented persistent sessions (not destroyed when broweser closed) – needs more work

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>

de.srsoftware.oidc.web/src/main/resources/en/login.html

@@ -28,6 +28,14 @@
                         <th>Error</th>
                         <td class="warning">Failed to log in!</td>
                     </tr>
+                    <tr>
+                        <td colspan="2">
+                            <label>
+                                <input type="checkbox" name="trust" checked="checked"/>
+                                Quit session when browser is closed.
+                            </label>
+                        </td>
+                    </tr>
                     <tr>
                         <td></td>
                         <td><button type="button" onClick="tryLogin()">Login</button></td>

de.srsoftware.oidc.web/src/main/resources/en/scripts/login.js

@@ -7,8 +7,13 @@ function doRedirect(){
 function handleLogin(response){
     if (response.ok){ 
         response.headers.forEach(function(val, key) {
+            console.log('header: '+key+' → '+val);
             // in newer browsers, the cookie is set from fetch response. In older browsers this does not seem to work
-            if (key == 'session') document.cookie = 'sessionToken='+val+"; path=/api"
+            if (key == 'session') {
+                val = 'sessionToken='+val;
+                console.log('setting cookie: '+val);
+                document.cookie = val;
+            }
         });
        response.json().then(body => {
           hide('error');

de.srsoftware.oidc.web/src/main/resources/en/todo.html

@@ -16,6 +16,7 @@
                 <li>implement token refresh</li>
                 <li>Verschlüsselung im config-File</li>
                 <li>Configuration im Frontend</li>
+                <li>Process <em>quit session when browser is closed</em> input on login</li>
             </ul>
         </div>
     </body>