From 337dd61468052aa070e5fa241f04ba2ad9278dcf Mon Sep 17 00:00:00 2001
From: James Elliott <james-d-elliott@users.noreply.github.com>
Date: Wed, 9 Mar 2022 13:25:11 +1100
Subject: [PATCH] docs: add docs about remember me duration (#2979)

This documents disabling remember me.
---
 docs/configuration/session/index.md      | 2 +-
 internal/handlers/handler_firstfactor.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/configuration/session/index.md b/docs/configuration/session/index.md
index 07aa23d95..b555d0c42 100644
--- a/docs/configuration/session/index.md
+++ b/docs/configuration/session/index.md
@@ -135,7 +135,7 @@ required: no
 </div>
 
 The time in [duration notation format](../index.md#duration-notation-format) the cookie expires and the session is
-destroyed when the remember me box is checked.
+destroyed when the remember me box is checked. Setting this to `-1` disables this feature entirely.
 
 ## Security
 
diff --git a/internal/handlers/handler_firstfactor.go b/internal/handlers/handler_firstfactor.go
index 5f2b1fe23..7073a60ff 100644
--- a/internal/handlers/handler_firstfactor.go
+++ b/internal/handlers/handler_firstfactor.go
@@ -92,7 +92,7 @@ func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.Re
 		}
 
 		// Check if bodyJSON.KeepMeLoggedIn can be deref'd and derive the value based on the configuration and JSON data.
-		keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != 0 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
+		keepMeLoggedIn := ctx.Providers.SessionProvider.RememberMe != -1 && bodyJSON.KeepMeLoggedIn != nil && *bodyJSON.KeepMeLoggedIn
 
 		// Set the cookie to expire if remember me is enabled and the user has asked us to.
 		if keepMeLoggedIn {