There are some similar topics here in Stackflow but I find none of them has answered my question.
ASP.NET Web API 2 is what we use now. I am now able to accept CORS authentication request from my WebAPI. With the access token sent along in the Authorization header (Bearer xxx), I am able to access the resources protected by [Authorize] tags.
The problem is, how can I implement a function similar to a "Remember me" checkbox in the regular login form? All we want is that the user doesn't need to log in again the next time visiting our webpage. Is the access token for one session only? How does WebAPI2 set the expiration of the token? How Can we save some info in the session or use local storage to store such authentication information? When we store this token in the client side, do we need some sort of encryption to protect it?
What is your suggestion in implementing this "Remember me" function?