The "Remember Me" feature works very well -- too well. 🙂 Is there a way to limit the time that the feature works? Many sites seem to only remember you for a day or two, or a week or two. Is that possible with Invision? We need members to have to log-in more regularly. Thanks!

Edited July 26, 20213 yr by usmf

Just bumping this today in hopes that someone may know an answer. Thanks!

Still hoping someone may have an answer on this. Is it edit that feature to a shorter amount of time?

It would seem broken if I checked a "remember me" box that "forgot me" before I told it to. I get the ask here... perhaps "remember me for one week" or "remember me for 30 days" instead of "remember me until my cookie disappears," but what is the use case for this?

Why do you need people to log in "more regularly?"

Do you believe it to be more secure? Some other reason?

The cookie that handles this has a 90 day expiry, which is hard coded as a variable (P3M = 3 months)
 

@CoffeeCake has asked the perfect question - why do you want/need to do this?

The reason I am asking is because it's definitely working longer than 90 days. Most staff members have not had to login for years as the forum still remembers their login. It's way too long, and we've also instituted some required fields that members need to fill out . . . but since many never need to login, they're not seeing it.

Edited July 29, 20213 yr by usmf

The cookie does refresh though - opening the site, "Do I need to login?" "Nope, remembered"....cookie refreshed...expires in 90 days.....

If you want to see it expiring, don't access your site for 90 days...or delete the cookie.

 

 

and we've also instituted some required fields that members need to fill out . . . but since many never need to login, they're not seeing it.

Then log them out...

Edited July 29, 20213 yr by Nathan Explosion

I'm surprised that this sounds like a foreign idea. The majority of websites that I have set to "remember me" time out at some point. The cookies don't always refresh. The idea that members never have to sign-in doesn't seem great. I understand not wanting to have to sign-in all the time . . . no one wants to do that. But every couple of weeks or every month is not bad and keeps your account from being accessible all the time -- and shows it as being active.

Logging all members out will fix this one issue of needing members to sign-in to fill out required fields, but that will only help this one instance, correct. They sign-in again, and then they don't have to sign-in for more years. Some staff are going through old accounts to move members who have not been active in years. What's interesting is that there are a number of accounts that have not had to log-in for a year and a half, two years, etc. But they are active on a weekly basis. This has to be checked in the public profile, as there's no way in the AdminPC to tell if an account is in active use, other than sign-in date. It would seem better all around to require a long-in every now and then, rather than years apart.

Who said it sounds like a foreign idea? Those are your words.

Just pointing out how it works, and some other options.

Want the functionality to be changed? https://invisioncommunity.com/forums/forum/499-feature-suggestions/

Edited July 29, 20213 yr by Nathan Explosion

I haven’t checked all the code for this, but I would expect that the cookies DO time out—UNLESS you keep coming back to the site every day or every couple of days. And this action then resets the expiration time. At least from a user’s perspective, that’s what I would expect. Being logged out suddenly for no apparent reason is NOT what I would expect when I set “keep me logged in”. 

Edited July 29, 20213 yr by opentype

Hey, this wasn't supposed to sound personal, and I didn't mean to hurt anyone's feelings. I guess we'll stick with the log-out button idea, since posting in the feature suggestions isn't going to help with this current issue. Thanks for the help.

 

I'm surprised that this sounds like a foreign idea. The majority of websites that I have set to "remember me" time out at some point. The cookies don't always refresh. The idea that members never have to sign-in doesn't seem great. I understand not wanting to have to sign-in all the time . . . no one wants to do that. But every couple of weeks or every month is not bad and keeps your account from being accessible all the time -- and shows it as being active.

They would only keep refreshing if you keep visiting within that 90 days. If you do not visit till 91 days then you have to login again. This is pretty much standard for low-medium secure websites. I honestly can't remember the last time I had to login to Facebook, Twitter, Instagram, etc... because I visit those on a semi-daily basis.

 

I didn't mean to hurt anyone's feelings.

You didn't - I don't have any.

 

They would only keep refreshing if you keep visiting within that 90 days. If you do not visit till 91 days then you have to login again. This is pretty much standard for low-medium secure websites. I honestly can't remember the last time I had to login to Facebook, Twitter, Instagram, etc... because I visit those on a semi-daily basis.

Thanks. Good explanation. Does anyone know of a plugin or something that would show the date of last visit (not signin) by a member inside the member's account page in the AdminCP?

 

Thanks so much! Did not know that was there. Will definitely share this with the staff handling the member accounts. 🙂