Teken Posted January 30, 2016 Share Posted January 30, 2016 Hello, I saw the IFTT announcement and tried moments ago to login to the portal. Upon doing so noticed a new pop up message that indicated do you want to stay logged in. I never got the chance to say yes and the portal continues to log you out over and over again. Link to comment
bmercier Posted January 30, 2016 Share Posted January 30, 2016 Hello, I saw the IFTT announcement and tried moments ago to login to the portal. Upon doing so noticed a new pop up message that indicated do you want to stay logged in. I never got the chance to say yes and the portal continues to log you out over and over again. My apologies. This is fixed now. Benoit. Link to comment
Teken Posted January 30, 2016 Author Share Posted January 30, 2016 My apologies. This is fixed now. Benoit. Hello Benoit, So very close but no cigar still happening . . . Link to comment
bmercier Posted January 30, 2016 Share Posted January 30, 2016 Hello Benoit, So very close but no cigar still happening . . . Please reload the page. Benoit Link to comment
Teken Posted January 30, 2016 Author Share Posted January 30, 2016 Please reload the page. Benoit Hello Benoit, Hard reloaded and cleared the web browser cache on Chrome and its fine now. Should there be a *Stay Login* message option available somewhere now? I am not prompted at all and see no method to enable this feature which is most welcome! Link to comment
bmercier Posted January 30, 2016 Share Posted January 30, 2016 Hi Teken, The auto logout fires after 14 minutes of inactivity, offers a 1 minute grace period to stay logged in, and if there is no response, it logs you off. It is a security measure that is not configurable. Benoit. Link to comment
Teken Posted January 30, 2016 Author Share Posted January 30, 2016 Hi Teken, The auto logout fires after 14 minutes of inactivity, offers a 1 minute grace period to stay logged in, and if there is no response, it logs you off. It is a security measure that is not configurable. Benoit. Hello Benoit, Understood and appreciate the insight perhaps this needs to be called out some where for users. As most people who see the pop up message would assume the message indicates stay logged in until such time as the users wishes to leave. Just trying to avoid misunderstanding and support calls . . . Link to comment
bmercier Posted January 30, 2016 Share Posted January 30, 2016 FYI, this has been there for months. It's just that I had temporarily reduced the delay significantly to test something. Link to comment
Bob P. Posted February 1, 2016 Share Posted February 1, 2016 Is it possible for the portal login to save the email address? It's kind of a pain to type it in every time. Link to comment
bmercier Posted February 2, 2016 Share Posted February 2, 2016 Is it possible for the portal login to save the email address? It's kind of a pain to type it in every time. Hello Bob, We want the portal to be as secure as possible, so that would go against the purpose. However, browsers like chrome will allow to cache the user and password, and fill it for you if you wish to do so. Benoit. Link to comment
MWareman Posted February 2, 2016 Share Posted February 2, 2016 Benoit, I understand (and encourage!) Security first - but there are ways of providing a 'Remember Username' check box on a logon form, then encrypting the username using a symmetric key (with timestamp and nonce) in a cookie to persist it in the browser. When the cookie is received in the future, you (and nobody else) can decrypt it, obtain the timestamp to determine if it has expired (only allow the next 30 days, for instance) and use the value to pre-populate the username. There is no loss of strength as a result of this. After a successful logon, you resend the username encrypted cookie with a new timestamp and nonce - providing another 30 days of remembering the username. I actually suspect it would be more secure than having Chrome remember it - and its use would be optional. Michael. Link to comment
Teken Posted February 2, 2016 Author Share Posted February 2, 2016 If that can't be done perhaps allowing a longer session could be done. Instead of the 1 minute extension let it reset the 14 minute login time. Being prompted to extend the session by one minute isn't very useful for most people. In the end, we will remember not the words of our enemies, but the silence of our friends. Link to comment
Bob P. Posted February 2, 2016 Share Posted February 2, 2016 For some reason, Firefox won't remember my login name from the portal, although it works for most other sites. Companies like Fidelity, Bank of America, and American Express have a "Remember Me" check-box. If it's good enough for them... Link to comment
Michel Kohanim Posted February 2, 2016 Share Posted February 2, 2016 Hello everyone, Thanks so very much for the feedback. So, the only thing you are asking to be stored is the email address, correct? If so, should there be a timeout on the cookie? With kind regards, Michel Link to comment
Xathros Posted February 2, 2016 Share Posted February 2, 2016 I like the method described by MWareman. -Xathros Sent from my iPhone using Tapatalk Link to comment
Bob P. Posted February 2, 2016 Share Posted February 2, 2016 Hello everyone, Thanks so very much for the feedback. So, the only thing you are asking to be stored is the email address, correct? If so, should there be a timeout on the cookie? With kind regards, Michel Yes, just the email. I don't see much benefit to applying a timeout, since it would be on a local machine. Link to comment
bmercier Posted February 3, 2016 Share Posted February 3, 2016 Benoit, I understand (and encourage!) Security first - but there are ways of providing a 'Remember Username' check box on a logon form, then encrypting the username using a symmetric key (with timestamp and nonce) in a cookie to persist it in the browser. When the cookie is received in the future, you (and nobody else) can decrypt it, obtain the timestamp to determine if it has expired (only allow the next 30 days, for instance) and use the value to pre-populate the username. There is no loss of strength as a result of this. After a successful logon, you resend the username encrypted cookie with a new timestamp and nonce - providing another 30 days of remembering the username. I actually suspect it would be more secure than having Chrome remember it - and its use would be optional. Michael. Hi Michael, After discussing it with Michel, we are adding this to the development queue. Thanks for the suggestion. Benoit. Link to comment
Bob P. Posted February 3, 2016 Share Posted February 3, 2016 After discussing it with Michel, we are adding this to the development queue. Now That's the kind of quality service that we've come to expect from UDI ! Thanks! Link to comment
MWareman Posted February 3, 2016 Share Posted February 3, 2016 Thanks Benoit (and Michel)! It's customer service like this that keeps me coming back for more... Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.