Aggressive forum logout policy reduces security and is annoying

Discussion in 'General Topics' started by Pete99, May 3, 2006.

Thread Status:
Not open for further replies.
  1. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    Hi, first I want to thank you for these forums and for the discussions inside them.

    However, I believe that the forum's aggressive logout policy reduces security and is annoying.

    It reduces security because people will be motivated to enable the "remember me" checkbox to avoid being logged out every fifteen minutes because it's just too much of a hassle to login and type my userid and password over and over again while reading/posting to the forums. Thus anyone with access to my computer will be able to login as me without knowing my password.

    It's annoying because after composing a new post for more than fifteen minutes the forum logs me out. After I login again the forum tells me that my composition is invalid.

    It's annoying because, after reading a page of posts for more than fifteen minutes, when I click to go to the next page of posts I'm logged out and my forum preferences are ignored. For example, I see people's animated avatars again (even though I chose not to see them) and either have to press the Esc key or type my userid and password again.

    I could understand if this website was a bank or something, but the aggressive logout policy for a discussions forum seems unnecessary and unfriendly.

    My request is that you increase the timeout to at least an hour, preferably three hours. This is for those of us who think that it's unsecure to leave login credentials in cookies and who always explicitly login and logout of websites only while we're using them.

    It seems that it wouldn't be any less secure for the people who use "remember me" since they are effectively always logged in.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    The forum requires cookies enabled and javascrip to keep your preferences.
     
  3. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    Thanks for the reply, bigc73542.

    Apparently my preferences are stored in my "UserCP" and not in cookies, and thus my preferences are only available when I'm logged in. You can verify this by logging out and seeing if your preferences work.

    Anyway, I've enabled the "remember me" option for lack of a better choice. Thanks.
     
  4. dog

    dog Guest

    You can delete the cookies (bbuserID and BBpassword I believe those are the only ones required) once you've finished your session to delete those details. ;)

    Regards;

    Steve
     
  5. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    Thanks for the info about the cookies, Steve. This made me realize (duh!) that the cookies are cleared when I explicitly click "Log Out".

    So that's the solution. I'll use "remember me" when I login, use the forums happily for as long as I want (and hopefully not be affected by the timeout), then click "Log Out" and my password will be cleared.

    Thanks to both of you for your assistance.
     
Loading...
Thread Status:
Not open for further replies.