remove auto-expiring session option at log in
April 02, 2022, 09:48:38 am
My "philosophy" is that things that aren't essential or frequently used should be a)easily removable and b)probably not enabled by default. And I think that "remember me" or "how long you want to stay logged in" feature on a log-in screen falls in that category. Maybe I'm weird, but I don't think I've ever in my entire life wanted my session/cookies to automatically expire after some time. OTOH, I've been annoyed by this feature many many times. If someone doesn't want to be logged in anymore, they can just... log out. Or visit the website in a private/incognito browser window in the first place. It's never been easier. The EU cookie law also helped to raise awareness among the general population. And I just opened the Twitter, Facebook and Gmail log in pages. None of them has expiring session options. You might say it's because they want to track you, fair enough. But my point is that people are used to this behavior, it's standard for the most popular websites. So I think having such checkboxes or drop down menus in a forum UI contributes to clutter and confusion. And of course it's not just ElkArte. Other forums have this too, and they're all wrong IMO.
Re: remove auto-expiring session option at log in
Reply #1 – April 02, 2022, 10:54:45 am
I will agree that the time-based approach (after an hour, a day, a week) whatever that SMF had historically... that should have gone a while ago. I don't think I know anyone who ever had that use case. Not even me browsing forums from a work computer at lunchtime, back when incognito mode didn't exist, bothered to use the 'login for an hour'. I'd log out when I was done. I'm torn though on the 'remember me' option because the mechanics are a bit different for that. Facebook, Twitter etc. might not because they're pretty personal, and one can presume that a) you're probably logging into those from your personal device and b) if you're using someone else's device to log into these things you're probably taking enough care about it after. This isn't 100% true, there are plenty of cases of people who've used shared devices and forgotten to log out afterwards. I remember seeing it one time where someone had gone into the Apple store in my hometown, used an iPad to check their Facebook and left it logged in. (Being a kind soul, I logged them out without tampering with their account.) Forums though occupy a slightly different ground whereby they're generally less personal and if you do happen to log into a forum on a shared/not-personal device, chances are you're less likely to be as diligent. I dunno. I definitely think there's a value still in having that option - as long as it's just the tickbox - and if not, as long as you're expected to reauthenticate occasionally (like Patreon does, roughly once a month from what I've seen) that's a reasonable precaution. As for 'the EU cookie law taught...' the only thing it taught people was to "press OK to make the annoying banner to go away", it has not done anything to actually teach people about privacy - and guaranteed it did nothing to encourage site owners to actually cut down on cookies like analytics, it just made them figure out how to spin it as essential.
Re: remove auto-expiring session option at log in
Reply #3 – April 02, 2022, 07:31:33 pm
As you noted the minutes to bla bla has been removed in 2.0 and only the remember me checkbox remains. The extra login bar in the header has also been removed as its just redundant clutter. I'm with Arantor, I still see the need for the "opt in" checkbox to stay logged in, I don't see that going away. Setting it as the default maybe an option, have to think abut that.
Re: remove auto-expiring session option at log in
Reply #5 – April 03, 2022, 01:11:43 pm
Thing about the “forever” option is that it’s actually longer lived than you might think. Assuming the same code as in SMF (and I’m on mobile now so can’t easily check), the cookie for forever stays there for 6 years or until you log out. I don’t know if that’s necessarily a good thing or not.