I highly support this idea: I have to log in several times a day which is very inconvenient. Even more, if you try to enter a comment or response while logged out from the system all entered text is lost too.
I wanted to check: is this going to be implemented/changed?
It is very annoying to have to login that frequently, especially when you try to answer a post and you are not logged in, everything you typed in is lost
I'd give you a Kudo, alas I can't. When I log in they vanish. When I'm not logged in I see this thread has 19 of them also agreeing. If I click on the Kudo when not logged in it forces a log in, so that they can make them vanish.
Do we even know that someone can fix the problem ever reads these? "Never take a No from someone that does not have the authority to give a Yes."
In our community the session remains active up to 90min of inactivity after that the session is expired for security.
It is a matter of security and preservation of identity.
First, let's understand what is a session: A session identifies both parties of a transaction and establishes trust. When you log into a website like our mail account or even connect to a database system like Oracle, it identifies (creates a session) you. This is the way it knows it's you that is asking for your emails, for instance, and not some unknown third party.
This is done by leaving some token or cookie (or any form of identification) in your machine.
But why does it expires, then? Can you just keep this identification and that's it? Why complicate things?
The thing is-- this identification has to be transmitted every request, every time you ask for and receives data from the service, which in turn, exposes your identification token to be stolen or tampered with.
One of the many ways to deal with that is to expire sessions after some inactivity. The reasoning is simple; expiring sessions prevent someone that might have hijacked your cookie to use it later against you.
To me, the setting of 90 minutes after inactivity is very acceptable. There was a bug (seems to be fixed now) that re-login failed, but with that one fixed, I think it is in line with other forum logins too.
Yeah that explanation about security is a joke. Every website on the planet with a login can handle this. And I don't think my NXP account will be the target of much hacking, seeing how it's not exactly useful or having any really important info or capabilities...
