Jump to content

Remember Me sign-in option - possible to shorten or disable?

usmf

By usmf
in Technical Problems

 Share
Go to solution Solved by Jim M,

Recommended Posts

usmf Rising Star

usmf

Posted
Posted (edited)

The "Remember Me" feature works very well -- too well. 🙂 Is there a way to limit the time that the feature works? Many sites seem to only remember you for a day or two, or a week or two. Is that possible with Invision? We need members to have to log-in more regularly. Thanks!

Edited by usmf
CoffeeCake Veteran

CoffeeCake

Posted
Posted

It would seem broken if I checked a "remember me" box that "forgot me" before I told it to. I get the ask here... perhaps "remember me for one week" or "remember me for 30 days" instead of "remember me until my cookie disappears," but what is the use case for this?

Why do you need people to log in "more regularly?"

Do you believe it to be more secure? Some other reason?

usmf Rising Star

usmf

Posted
  • Author
Posted (edited)

The reason I am asking is because it's definitely working longer than 90 days. Most staff members have not had to login for years as the forum still remembers their login. It's way too long, and we've also instituted some required fields that members need to fill out . . . but since many never need to login, they're not seeing it.

Edited by usmf
Nathan Explosion Grand Master

Nathan Explosion

Posted
Posted (edited)

The cookie does refresh though - opening the site, "Do I need to login?" "Nope, remembered"....cookie refreshed...expires in 90 days.....

If you want to see it expiring, don't access your site for 90 days...or delete the cookie.

 

10 minutes ago, usmf said:

and we've also instituted some required fields that members need to fill out . . . but since many never need to login, they're not seeing it.

Then log them out...

image.thumb.png.970ec683aac0b8dae0fc6f8af972e36c.png

Edited by Nathan Explosion
usmf Rising Star

usmf

Posted
  • Author
Posted

I'm surprised that this sounds like a foreign idea. The majority of websites that I have set to "remember me" time out at some point. The cookies don't always refresh. The idea that members never have to sign-in doesn't seem great. I understand not wanting to have to sign-in all the time . . . no one wants to do that. But every couple of weeks or every month is not bad and keeps your account from being accessible all the time -- and shows it as being active.

Logging all members out will fix this one issue of needing members to sign-in to fill out required fields, but that will only help this one instance, correct. They sign-in again, and then they don't have to sign-in for more years. Some staff are going through old accounts to move members who have not been active in years. What's interesting is that there are a number of accounts that have not had to log-in for a year and a half, two years, etc. But they are active on a weekly basis. This has to be checked in the public profile, as there's no way in the AdminPC to tell if an account is in active use, other than sign-in date. It would seem better all around to require a long-in every now and then, rather than years apart.

opentype Grand Master

opentype

Posted
Posted (edited)

I haven’t checked all the code for this, but I would expect that the cookies DO time out—UNLESS you keep coming back to the site every day or every couple of days. And this action then resets the expiration time. At least from a user’s perspective, that’s what I would expect. Being logged out suddenly for no apparent reason is NOT what I would expect when I set “keep me logged in”. 

Edited by opentype
usmf Rising Star

usmf

Posted
  • Author
Posted

Hey, this wasn't supposed to sound personal, and I didn't mean to hurt anyone's feelings. I guess we'll stick with the log-out button idea, since posting in the feature suggestions isn't going to help with this current issue. Thanks for the help.

  • Solution
Jim M Grand Master

Jim M

Posted
  • Solution
Posted
15 minutes ago, usmf said:

I'm surprised that this sounds like a foreign idea. The majority of websites that I have set to "remember me" time out at some point. The cookies don't always refresh. The idea that members never have to sign-in doesn't seem great. I understand not wanting to have to sign-in all the time . . . no one wants to do that. But every couple of weeks or every month is not bad and keeps your account from being accessible all the time -- and shows it as being active.

They would only keep refreshing if you keep visiting within that 90 days. If you do not visit till 91 days then you have to login again. This is pretty much standard for low-medium secure websites. I honestly can't remember the last time I had to login to Facebook, Twitter, Instagram, etc... because I visit those on a semi-daily basis.

usmf Rising Star

usmf

Posted
  • Author
Posted
1 minute ago, Jim M said:

They would only keep refreshing if you keep visiting within that 90 days. If you do not visit till 91 days then you have to login again. This is pretty much standard for low-medium secure websites. I honestly can't remember the last time I had to login to Facebook, Twitter, Instagram, etc... because I visit those on a semi-daily basis.

Thanks. Good explanation. Does anyone know of a plugin or something that would show the date of last visit (not signin) by a member inside the member's account page in the AdminCP?

usmf Rising Star

usmf

Posted
  • Author
Posted
2 minutes ago, Nathan Explosion said:

image.png.0c8947662225339e7119e585d88ebfc3.png

Thanks so much! Did not know that was there. Will definitely share this with the staff handling the member accounts. 🙂

 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...