Add checkboxes: "remember me" + "I use a public computer" and make cookie expiration period longer for transition users, survey interviewers and admins when remember me is checked and not a public computer

Repository: evolution. Status: OPEN.

kaligrafy commented on July 18, 2024
Add checkboxes: "remember me" + "I use a public computer" and make cookie expiration period longer for transition users, survey interviewers and admins when remember me is checked and not a public computer

from evolution.

Comments (9)

greenscientist commented on July 18, 2024

Don't think it's a good thing to do for admins at least. It's a good security feature to have to log in again.

greenscientist commented on July 18, 2024

Also, what do you propose as a period?

kaligrafy commented on July 18, 2024

I don't know. What was the policy for this at Facebook?

kaligrafy commented on July 18, 2024

On many bank websites, you can check "remember me for 30 days".

kaligrafy commented on July 18, 2024

We should also add a button "I use a public computer".

greenscientist commented on July 18, 2024

Ok, now that you have changed the title, you should probably split it into several issues.

greenscientist commented on July 18, 2024

At FB, we use 2-factor authentication for anything internal. Some systems were at most 12h and defaulting to 3h. Some were longer depending on the criticality.

greenscientist commented on July 18, 2024

The bank example is bad, as I believe that doing that is a big security flaw. Desjardins is not bad, as it requires a new login after less than an hour of inactivity.

tahini commented on July 18, 2024

So, what about this issue? We have a few new authentication methods: passwordless, anonymous.

Also, as discussed offline, we will aim at some point to have a separate user table for application users, with various levels of permission, and survey users. That will mean 2 separate login pages. Do we hold this issue for now and think again when we have an admin login page?
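One way the trade-off debated in this thread could be expressed as a session policy, as an added example that is not part of the thread and not evolution's code. The role names, the function names and every duration are assumptions, loosely based on the figures the commenters mention (30 days, 12h, 3h, under an hour of inactivity).

```javascript
// Added illustration, not evolution's code. Role names and all durations are
// assumptions, loosely based on figures quoted in the thread.
const MINUTE = 60 * 1000;
const HOUR = 60 * MINUTE;
const DAY = 24 * HOUR;

// Pick session limits from the role and the two proposed checkboxes.
function sessionPolicy({ role, rememberMe, publicComputer }) {
  // "Public computer" overrides everything: short limits, no persistent cookie.
  if (publicComputer) {
    return { persistent: false, absoluteMs: 3 * HOUR, idleMs: 30 * MINUTE };
  }
  // Admins are never extended, following the objection raised in the thread.
  if (role === 'admin') {
    return { persistent: false, absoluteMs: 12 * HOUR, idleMs: 30 * MINUTE };
  }
  // Other roles may opt in to a long-lived cookie.
  if (rememberMe) {
    return { persistent: true, absoluteMs: 30 * DAY, idleMs: 30 * DAY };
  }
  return { persistent: false, absoluteMs: 12 * HOUR, idleMs: 3 * HOUR };
}

// Build the Set-Cookie header value. Without Max-Age the browser drops the
// cookie when it closes, which is what a shared machine needs.
function buildSetCookie(name, value, policy) {
  const attrs = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'HttpOnly', 'Secure', 'SameSite=Lax'];
  if (policy.persistent) {
    attrs.push(`Max-Age=${Math.floor(policy.absoluteMs / 1000)}`);
  }
  return attrs.join('; ');
}

// The cookie lifetime is only a hint to the browser, so the server enforces
// both the absolute and the idle limit on every request.
function isSessionValid(session, now) {
  const { absoluteMs, idleMs } = session.policy;
  return now - session.createdAt < absoluteMs && now - session.lastSeenAt < idleMs;
}
```

The server-side check is the part that matters for security: a client can keep or replay a cookie past its `Max-Age`, so expiry has to be evaluated against timestamps stored with the session.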
