Pete99
May 3rd, 2006, 09:00 AM
Hi, first I want to thank you for these forums and for the discussions inside them.
However, I believe that the forum's aggressive logout policy reduces security and is annoying.
It reduces security because people will be motivated to enable the "remember me" checkbox to avoid being logged out every fifteen minutes because it's just too much of a hassle to login and type my userid and password over and over again while reading/posting to the forums. Thus anyone with access to my computer will be able to login as me without knowing my password.
It's annoying because after composing a new post for more than fifteen minutes the forum logs me out. After I login again the forum tells me that my composition is invalid.
It's annoying because, after reading a page of posts for more than fifteen minutes, when I click to go to the next page of posts I'm logged out and my forum preferences are ignored. For example, I see people's animated avatars again (even though I chose not to see them) and either have to press the Esc key or type my userid and password again.
I could understand if this website was a bank or something, but the aggressive logout policy for a discussions forum seems unnecessary and unfriendly.
My request is that you increase the timeout to at least an hour, preferably three hours. This is for those of us who think that it's unsecure to leave login credentials in cookies and who always explicitly login and logout of websites only while we're using them.
It seems that it wouldn't be any less secure for the people who use "remember me" since they are effectively always logged in.
However, I believe that the forum's aggressive logout policy reduces security and is annoying.
It reduces security because people will be motivated to enable the "remember me" checkbox to avoid being logged out every fifteen minutes because it's just too much of a hassle to login and type my userid and password over and over again while reading/posting to the forums. Thus anyone with access to my computer will be able to login as me without knowing my password.
It's annoying because after composing a new post for more than fifteen minutes the forum logs me out. After I login again the forum tells me that my composition is invalid.
It's annoying because, after reading a page of posts for more than fifteen minutes, when I click to go to the next page of posts I'm logged out and my forum preferences are ignored. For example, I see people's animated avatars again (even though I chose not to see them) and either have to press the Esc key or type my userid and password again.
I could understand if this website was a bank or something, but the aggressive logout policy for a discussions forum seems unnecessary and unfriendly.
My request is that you increase the timeout to at least an hour, preferably three hours. This is for those of us who think that it's unsecure to leave login credentials in cookies and who always explicitly login and logout of websites only while we're using them.
It seems that it wouldn't be any less secure for the people who use "remember me" since they are effectively always logged in.