"Remember Me" checked by default

These RFCs were either rejected or have been replaced by an alternative proposal. They will not be included in phpBB.
User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

"Remember Me" checked by default

Post by imkingdavid » Mon Feb 11, 2013 6:11 pm

I previously posted an RFC with the goal of making it easier to keep myself logged in. Basically, the issue for me is that I move through the Login form that I sometimes either forget to check the Remember Me box until just after I have clicked the login button, or I tab through the form too fast for it to register the spacebar on the Remember Me box; both scenarios result in me having to immediately log out and right back in, this time remembering the Remember me box. Sure, it doesn't happen often because I use the Remember me option to remain logged in, but when it does happen, it can be annoying.

The previous RFC was for adding a section to the Edit "Remember Me" login keys" module in the UCP to allow me to decide to remain logged in after the fact. However, it was pointed out that this could have unintended side effects; specifically, on a public computer a malicious user could decide to hijack an account that is still logged in and set it to remain logged in beyond the current session. An option to prevent that could have been having to enter the password again on the UCP page, but then again, how is that really much different that logging out and logging back in?

So now we come to the actual request in this RFC, which is to either make the Remember Me box checked by default, or to add an ACP option so that the administrator can decide whether or not the box should be checked by default.
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

User avatar
Jessica.
Registered User
Posts: 144
Joined: Wed Feb 09, 2011 8:17 pm
Location: Pennsylvania, USA
Contact:

Re: "Remember Me" checked by default

Post by Jessica. » Mon Feb 11, 2013 7:22 pm

I would like this +1

User avatar
callumacrae
Infrastructure Team
Infrastructure Team
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: "Remember Me" checked by default

Post by callumacrae » Mon Feb 11, 2013 11:58 pm

-1

Consequences of forgetting to tick the box: I have to log in again next time.
Consequences of forgetting to untick the box: If I'm on a shared computer, I'm still logged in.

One is annoying, one is dangerous.
Made by developers, for developers!
My blog

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: "Remember Me" checked by default

Post by MichaelC » Tue Feb 12, 2013 1:15 am

callumacrae wrote:-1

Consequences of forgetting to tick the box: I have to log in again next time.
Consequences of forgetting to untick the box: If I'm on a shared computer, I'm still logged in.

One is annoying, one is dangerous.
+1

Better safe than sorry.
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

Senky
Extension Customisations
Extension Customisations
Posts: 283
Joined: Thu Jul 16, 2009 4:41 pm

Re: "Remember Me" checked by default

Post by Senky » Tue Feb 12, 2013 9:07 am

Maybe template event could be added to that places, so that it is at least very easy to install a simple extension to have it checked by default...


User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1732
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: "Remember Me" checked by default

Post by DavidIQ » Wed Feb 13, 2013 11:31 am

Senky wrote:Maybe template event could be added to that places, so that it is at least very easy to install a simple extension to have it checked by default...
If the checked status went by a variable one could easily create an extension to just override it to be checked. Would also be possible in Olympus through a hook.
Image

User avatar
Dog Cow
Registered User
Posts: 270
Joined: Wed May 25, 2005 2:14 pm

Re: "Remember Me" checked by default

Post by Dog Cow » Thu Feb 14, 2013 6:31 pm

callumacrae wrote:-1

Consequences of forgetting to tick the box: I have to log in again next time.
Consequences of forgetting to untick the box: If I'm on a shared computer, I'm still logged in.

One is annoying, one is dangerous.
Are forum administrators really using auto login? I have it set in my sessions code so that administrators are never automatically logged-in, no matter the checkbox setting.

User avatar
callumacrae
Infrastructure Team
Infrastructure Team
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: "Remember Me" checked by default

Post by callumacrae » Thu Feb 14, 2013 6:40 pm

Dog Cow wrote:
callumacrae wrote:-1

Consequences of forgetting to tick the box: I have to log in again next time.
Consequences of forgetting to untick the box: If I'm on a shared computer, I'm still logged in.

One is annoying, one is dangerous.
Are forum administrators really using auto login? I have it set in my sessions code so that administrators are never automatically logged-in, no matter the checkbox setting.
I use auto login. I would be irritated if I had to log in every time!
Made by developers, for developers!
My blog

User avatar
Dog Cow
Registered User
Posts: 270
Joined: Wed May 25, 2005 2:14 pm

Re: "Remember Me" checked by default

Post by Dog Cow » Thu Feb 14, 2013 6:49 pm

callumacrae wrote:
Dog Cow wrote:
callumacrae wrote:-1

Consequences of forgetting to tick the box: I have to log in again next time.
Consequences of forgetting to untick the box: If I'm on a shared computer, I'm still logged in.

One is annoying, one is dangerous.
Are forum administrators really using auto login? I have it set in my sessions code so that administrators are never automatically logged-in, no matter the checkbox setting.
I use auto login. I would be irritated if I had to log in every time!
Well, I guess we just disagree on what levels of irritation we are willing to endure in the name of security.

I have my site set to accept user IDs when logging in (as well as usernames too, of course) and there's a log in form at the top of every page, so I just type 2, Tab, password, hit Return. And I'm in!

No sweat! And no auto logins! :lol:

Post Reply