Jump to content

Remember Me sign-in option - possible to shorten or disable?


Go to solution Solved by Jim M,

Recommended Posts

The "Remember Me" feature works very well -- too well. 🙂 Is there a way to limit the time that the feature works? Many sites seem to only remember you for a day or two, or a week or two. Is that possible with Invision? We need members to have to log-in more regularly. Thanks!

Edited by usmf
Link to comment
Share on other sites

It would seem broken if I checked a "remember me" box that "forgot me" before I told it to. I get the ask here... perhaps "remember me for one week" or "remember me for 30 days" instead of "remember me until my cookie disappears," but what is the use case for this?

Why do you need people to log in "more regularly?"

Do you believe it to be more secure? Some other reason?

Link to comment
Share on other sites

The reason I am asking is because it's definitely working longer than 90 days. Most staff members have not had to login for years as the forum still remembers their login. It's way too long, and we've also instituted some required fields that members need to fill out . . . but since many never need to login, they're not seeing it.

Edited by usmf
Link to comment
Share on other sites

The cookie does refresh though - opening the site, "Do I need to login?" "Nope, remembered"....cookie refreshed...expires in 90 days.....

If you want to see it expiring, don't access your site for 90 days...or delete the cookie.

 

10 minutes ago, usmf said:

and we've also instituted some required fields that members need to fill out . . . but since many never need to login, they're not seeing it.

Then log them out...

image.thumb.png.970ec683aac0b8dae0fc6f8af972e36c.png

Edited by Nathan Explosion
Link to comment
Share on other sites

I'm surprised that this sounds like a foreign idea. The majority of websites that I have set to "remember me" time out at some point. The cookies don't always refresh. The idea that members never have to sign-in doesn't seem great. I understand not wanting to have to sign-in all the time . . . no one wants to do that. But every couple of weeks or every month is not bad and keeps your account from being accessible all the time -- and shows it as being active.

Logging all members out will fix this one issue of needing members to sign-in to fill out required fields, but that will only help this one instance, correct. They sign-in again, and then they don't have to sign-in for more years. Some staff are going through old accounts to move members who have not been active in years. What's interesting is that there are a number of accounts that have not had to log-in for a year and a half, two years, etc. But they are active on a weekly basis. This has to be checked in the public profile, as there's no way in the AdminPC to tell if an account is in active use, other than sign-in date. It would seem better all around to require a long-in every now and then, rather than years apart.

Link to comment
Share on other sites

I haven’t checked all the code for this, but I would expect that the cookies DO time out—UNLESS you keep coming back to the site every day or every couple of days. And this action then resets the expiration time. At least from a user’s perspective, that’s what I would expect. Being logged out suddenly for no apparent reason is NOT what I would expect when I set “keep me logged in”. 

Edited by opentype
Link to comment
Share on other sites

Hey, this wasn't supposed to sound personal, and I didn't mean to hurt anyone's feelings. I guess we'll stick with the log-out button idea, since posting in the feature suggestions isn't going to help with this current issue. Thanks for the help.

Link to comment
Share on other sites

  • Solution
15 minutes ago, usmf said:

I'm surprised that this sounds like a foreign idea. The majority of websites that I have set to "remember me" time out at some point. The cookies don't always refresh. The idea that members never have to sign-in doesn't seem great. I understand not wanting to have to sign-in all the time . . . no one wants to do that. But every couple of weeks or every month is not bad and keeps your account from being accessible all the time -- and shows it as being active.

They would only keep refreshing if you keep visiting within that 90 days. If you do not visit till 91 days then you have to login again. This is pretty much standard for low-medium secure websites. I honestly can't remember the last time I had to login to Facebook, Twitter, Instagram, etc... because I visit those on a semi-daily basis.

Link to comment
Share on other sites

1 minute ago, Jim M said:

They would only keep refreshing if you keep visiting within that 90 days. If you do not visit till 91 days then you have to login again. This is pretty much standard for low-medium secure websites. I honestly can't remember the last time I had to login to Facebook, Twitter, Instagram, etc... because I visit those on a semi-daily basis.

Thanks. Good explanation. Does anyone know of a plugin or something that would show the date of last visit (not signin) by a member inside the member's account page in the AdminCP?

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...