Make Community session duration at least 8 hours. It is very inconvenient to re-login frequently.

cancel
Showing results for 
Search instead for 
Did you mean: 

Make Community session duration at least 8 hours. It is very inconvenient to re-login frequently.

Make Community session duration at least 8 hours. It is very inconvenient to re-login frequently.

 
7 Comments
ErichStyger
Senior Contributor IV

I highly support this idea: I have to log in several times a day which is very inconvenient. Even more, if you try to enter a comment or response while logged out from the system all entered text is lost too.

ErichStyger
Senior Contributor IV

I wanted to check: is this going to be implemented/changed?

It is very annoying to have to login that frequently, especially when you try to answer a post and you are not logged in, everything you typed in is lost

bobpaddock
Senior Contributor III

I agree with you.

 

I'd give you a Kudo, alas I can't.  When I log in they vanish. When I'm not logged in I see this thread has 19 of them also agreeing.  If I click on the Kudo when not logged in it forces a log in, so that they can make them vanish.

Do we even know that someone can fix the problem ever reads these?  "Never take a No from someone that does not have the authority to give a Yes."

 

ErichStyger
Senior Contributor IV

Hi Bob,

Do we even know that someone can fix the problem ever reads these?

I don't see any evidence

Erich

bobpaddock
Senior Contributor III

"I don't see any evidence"

Like the K32L form, no one from NXP ever checks it.

 

Adrian
Community Manager
Status changed to: Declined

Hello, 

In our community the session remains active up to 90min of inactivity after that the session is expired for security.

It is a matter of security and preservation of identity.

First, let's understand what is a session: A session identifies both parties of a transaction and establishes trust. When you log into a website like our mail account or even connect to a database system like Oracle, it identifies (creates a session) you. This is the way it knows it's you that is asking for your emails, for instance, and not some unknown third party.

This is done by leaving some token or cookie (or any form of identification) in your machine.

But why does it expires, then? Can you just keep this identification and that's it? Why complicate things?

The thing is-- this identification has to be transmitted every request, every time you ask for and receives data from the service, which in turn, exposes your identification token to be stolen or tampered with.

One of the many ways to deal with that is to expire sessions after some inactivity. The reasoning is simple; expiring sessions prevent someone that might have hijacked your cookie to use it later against you.

ErichStyger
Senior Contributor IV

To me, the setting of 90 minutes after inactivity is very acceptable. There was a bug (seems to be fixed now) that re-login failed, but with that one fixed, I think it is in line with other forum logins too.