Freshrss: Suggestion: Make the login timeout larger than 30 days
Currently, login expires after 30 days.
Having to login to my own service every 30 days is inconvenient, would it make sense to increase the timeout to be indefinite, or just a very long time? (1 year or longer)
C0rn3j
All 7 comments
I agree about the default. Note that it can be adjusted (at the bottom):
Frenzie
on 2 Sep 2020
Do you think changing the default to 31536000 (365 days) would be a good new default then?
I think I identified the responsible files so I can send a PR.
EDIT: Went ahead and sent a PR
C0rn3j
on 2 Sep 2020
Could someone try to find a reference to a good practice somewhere?
Alkarex
on 2 Sep 2020
It really differs from site to site, some examples I can think of:
- Nextcloud does 1 year.
- Helpscout(ticketing system) does 30 days, so does Runescape(game).
- Google seems to refresh the cookies to keep them alive but requires password re-entry for certain actions or if the client changed too much (different device/browser on the same cookie).
- Tt-rss expires the cookie on the smallest UA change (which is absolutely terrible UX considering browsers update often).
- Some sites limit the cookie to an IP with an optional checkbox.
- Some sites have indefinite or practically indefinite cookies.
C0rn3j
on 2 Sep 2020
I think 3 is about the minimum to avoid the worst of the "ugh, again!?" response.
Frenzie
on 2 Sep 2020
We should look into refreshing the cookie. I actually thought we already were doing it :-P
Alkarex
on 2 Sep 2020
Sorry for the delay; here is patch at last https://github.com/FreshRSS/FreshRSS/pull/3287
Please give it a try 馃巹
Alkarex
on 26 Dec 2020
Related issues
cwldev
路
5Comments
Aasemoon
路
6Comments
Alkarex
路
5Comments
mbnoimi
路
4Comments
Tealk
路
5Comments