Lengthen the time one stays logged in

0 Kudos

It seems that I am logged out of the community site after a few hours and therefore have to log in multiple times within a day. I don't know what the drawbacks are to lengthening the time one stays logged in. It seems reasonable that we would be able to stay logged in over the course of a day. If this were my bank I'd have a different opinion but all of the information on here is generally pretty public anyway. 

Marlan

2 Comments
ClaudiusH
Dataiker Alumni

Thanks for sharing this feedback. We've actually heard it before and the answer is the classic dilemma between usability and security. The longer the automatic logoff delay the longer the window for malicious users to obtain and use a captured or guessed session id. Since this setting also applies to the moderation and community management team with full access to administration we need to strike a careful balance.

Our Single-Sign on is configured that way that if you hit the community in a signed-out state it should transparently sign you back in via sso.dataiku.com and drop you back to the page you came from in a signed-in state.

Can you share some background to the scenario where you are asked to go through the full sign-in process where it interrupts your community activity and where the auto session recovery doesn't work? Also: Which browser are you using? Do you happen to use any browser extensions that limit cookie usage?

Status changed to: Gathering Input

Thanks for sharing this feedback. We've actually heard it before and the answer is the classic dilemma between usability and security. The longer the automatic logoff delay the longer the window for malicious users to obtain and use a captured or guessed session id. Since this setting also applies to the moderation and community management team with full access to administration we need to strike a careful balance.

Our Single-Sign on is configured that way that if you hit the community in a signed-out state it should transparently sign you back in via sso.dataiku.com and drop you back to the page you came from in a signed-in state.

Can you share some background to the scenario where you are asked to go through the full sign-in process where it interrupts your community activity and where the auto session recovery doesn't work? Also: Which browser are you using? Do you happen to use any browser extensions that limit cookie usage?

Hi @ClaudiusH,

Thanks for the response, the additional background is helpful to understand why the timeout is what it is.

I have to click the login button at the upper right to log back in each time. I don't actually have to specify my credentials again most of the time. Is that what you mean by transparently signing me back in?

So clearly not a big deal but just a bit annoying to have to do it multiple times a day.

I am using Chrome and am not using any browsers extensions that limit cookie use. Chrome is managed by my company though so there may be something installed that I can't see.

Thanks,

Marlan

Hi @ClaudiusH,

Thanks for the response, the additional background is helpful to understand why the timeout is what it is.

I have to click the login button at the upper right to log back in each time. I don't actually have to specify my credentials again most of the time. Is that what you mean by transparently signing me back in?

So clearly not a big deal but just a bit annoying to have to do it multiple times a day.

I am using Chrome and am not using any browsers extensions that limit cookie use. Chrome is managed by my company though so there may be something installed that I can't see.

Thanks,

Marlan