News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Logged-in counter or log-out warning

Started by jonesH, October 14, 2015, 12:11:26 AM

Previous topic - Next topic

jonesH

I find myself immersed in browsing and replying, just to be suddenly kicked out because my login has expired. If I was in the middle of a reply, the content is likely lost. I sometimes set a timer to remind me of my impending expiration status, but even then I need to log in again.


Therefore, what would it take to have some kind of reminder pop up close to the proper time and ask if the user would like to extend their being logged in, and then handle that automatically or via a password input? Or, at least, a small countdown timer tucked in a corner? Would the latter be a drain on the resources?


Regards.

Shambles

Might be simpler to login with an extended expiry period, perhaps using the "forever" option?

Or did you mean the hourly Admin security reprompt...

jonesH

I did not mean the admin reprompt, and I generally avoid using the "forever" option because then I have to remeber tolog out or terminate the connection by effectively shutting down the browser. I remember reading somewhere a longer while ago that doing otherwise is a security risk (was it yahoo mail, perhaps?).


If, though, logging in with a very long time setting and then casually moving away from the forum to another site (presumably in the same window) is not a security risk, then of course my question is moot.


In any case, I believe that for users who are logged in other than "forever" and who approach their logout threshold, some kind of reminder with the option of password-based continued login would be a nice touch.


Regards.

Shambles

I can see that being a useful mod request.

青山 素子

Quote from: jonesH on October 14, 2015, 12:11:26 AM
Therefore, what would it take to have some kind of reminder pop up close to the proper time and ask if the user would like to extend their being logged in, and then handle that automatically or via a password input? Or, at least, a small countdown timer tucked in a corner? Would the latter be a drain on the resources?

You could probably do something client-side, although that may be a bit tricky. The only concern I have is that the popup would either block all browser functions until dismissed or you wouldn't notice the in-page "popup" until the session is already expired.


Quote from: jonesH on October 14, 2015, 08:22:54 AM
I generally avoid using the "forever" option because then I have to remeber tolog out or terminate the connection by effectively shutting down the browser. I remember reading somewhere a longer while ago that doing otherwise is a security risk (was it yahoo mail, perhaps?).

That's mostly an issue when using a public or shared computer. There are a few other cases where there might be issues such that someone can sniff the session data, but you're going to be in trouble with a time-limited session if that's the case.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Advertisement: