fasttimes Posted April 4, 2017 Posted April 4, 2017 Currently the portal logs you out due to inactivity. Can you add a checkbox called stay logged in below remember me so that the portal won't log you out? Most sites allow this (like ITTT.com). Thanks Quote
stusviews Posted April 4, 2017 Posted April 4, 2017 Like banking, leaving the portal open may present a security risk. Although inconvenient, I'd vote for keeping it the way it is Quote
Michel Kohanim Posted April 4, 2017 Posted April 4, 2017 Hi fasttimes, It's really a huge security hole especially for mobile devices. it's one thing to let customers choose to have the browser save their username/password. It's completely another to let a session linger on for eternity on the server. With this said, I must humbly not accept the feature request. So sorry. With kind regards, Michel Quote
fasttimes Posted April 8, 2017 Author Posted April 8, 2017 Hi fasttimes,It's really a huge security hole especially for mobile devices. it's one thing to let customers choose to have the browser save their username/password. It's completely another to let a session linger on for eternity on the server.With this said, I must humbly not accept the feature request. So sorry.With kind regards,Michel How about increasing the timeout period to an hour? It is a major pain in the neck working with scripts, IFTTT, etc with it timing out on me each time and then i have to navigate back to the same spot. Quote
Michel Kohanim Posted April 9, 2017 Posted April 9, 2017 Hi fasttimes, Does it timeout on you while you do things on the Portal? Or, is it when it's idle? With kind regards, Michel Quote
fasttimes Posted April 10, 2017 Author Posted April 10, 2017 Idle. I'm usually working with the admin interface, Alexa or IFTTT trying to get something working. It is not unusual to not come back to the portal for 15 minutes. After it logs me out I have to navigate back to whatever screen I'm working on Quote
Michel Kohanim Posted April 10, 2017 Posted April 10, 2017 Hi fasttimes, Got it. Thanks. Let me discuss with our security expert. With kind regards, Michel Quote
jtara92101 Posted April 10, 2017 Posted April 10, 2017 (edited) Idea: persist the user's page selection in the portal on the server, cookie, or localstorage (localstorage is probably best), so that when they log in again, they are in the same place. Optionally, persist navigation history as well. (window.history) This at least makes it less painful when they have been logged-out. Since many/most users probably use a password manager or let their browser save passwords, it seems to me the bulk of the burden is the re-navigation, not re-logging-in. Edited April 10, 2017 by jtara92101 1 Quote
fasttimes Posted April 11, 2017 Author Posted April 11, 2017 Idea: persist the user's page selection in the portal on the server, cookie, or localstorage (localstorage is probably best), so that when they log in again, they are in the same place. Optionally, persist navigation history as well. (window.history) This at least makes it less painful when they have been logged-out. Since many/most users probably use a password manager or let their browser save passwords, it seems to me the bulk of the burden is the re-navigation, not re-logging-in. The navigation is indeed the annoyance. Persistence of some sort would make it more palatable. Personally I would have developed the pages to use a more RESTful Uri pattern. So if your session times out, a new call would bring you to an authentication page and then bring you right back to where you left off. That would prevent the use of the pop-up modal dialogs, but that is a good thing IMO. The current design looks like it is a single web-page application so it would probably require a rewrite to use such a pattern. The easiest thing to do would be to bump up the timeout period. 15-30-60 minutes, there is little difference. "We've already established that you ARE that sort of woman, said Mr Churchhill. Now we are just neogotiating on price" 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.