Ticket #108 (Fixed)Sat Jan 20 19:49:56 UTC 2007
Increase the Hub login timeout
Reported by: | Rob Kendrick (86) | Severity: | Enhancement |
Part: | Web site: Hub (single sign-on mechanism) | Release: | 2nd public site release |
Milestone: | 2nd public site release completed | Status | Fixed |
Details by Rob Kendrick (86):
It’d be nice if I could tick a box in the login page to store a cookie in my browse such that I don’t need to log in again on another visit. May also need to then provide a “log off” button.
Changelog:
Modified by Andrew Hodgkinson (6) Mon, January 22 2007 - 14:41:56 GMT
“Remember me” schemes are notoriously problematic from a security standpoint – e.g. consider the internet café problem – which is why I haven’t yet implemented it. If it’s a major problem logging in for a large body of users it might be worthwhile but it is difficult to get right (so I won’t close this ticket just yet – it might get implemented).
There is already a “log off” button; when logged in, click on the “Account” icon at the top right of the header on any page. You’ll get to your account management pages, which include a “log off” option.
Modified by Andrew Hodgkinson (6) Mon, January 22 2007 - 14:42:21 GMT
- Release changed from Prototype site to 2nd public site release
Modified by Andrew Hodgkinson (6) Mon, January 22 2007 - 14:44:00 GMT
- Milestone changed from Unspecified to 2nd public site release completed
Modified by Rob Kendrick (86) Tue, January 23 2007 - 21:50:24 GMT
The internet café problem is why I suggested that it be optional. It should also default to off, as well as perhaps giving the user a warning that they shouldn’t use this feature on shared machines.
(Although the security of logging onto such things from a shared machine is questionable anyway.)
Modified by Andrew Hodgkinson (6) Wed, January 24 2007 - 21:42:29 GMT
Yes indeed. I notice that some sites have a half-way house, which does keep the user logged in for longer, but still not forever – one or two days, perhaps. In addition to your suggestions above, I think we’d be getting close to the right balance of utility and security.
Modified by Trevor Johnson (329) Wed, January 12 2011 - 14:03:03 GMT
- Status changed from Open to Fixed
- Summary changed from Option to log on "permanently" to Increase the Hub login timeout
I notice that some sites have a half-way house…