Automatic login

Everytime I come to this forum, I need to go through a login - unlike previous forums which would log you in automatically when you arrived on the scene.
Is this by design? - or something that hasn’t been noticed?

It’s a by product of the way iChain works, which provides all openSUSE official sites with a single sign on.

Looks more as a multy sign on now :confused:

+1 for ‘Remember Me’ :slight_smile:

+2 for ‘remember me’

+0 for Remember me.

If you want it, your choice. But keep in mind that permanent login feature facilitates XSS or CSRF attacks against your accounts/identity.

Maybe Novell web apps are safe against these attacks, but other apps may not be. Bad habit. I will always advise against permanent logins with any web application.

In another thread earlier this wek somebody said that a login would hold for an hour, not permanent. In fact it is zero.

But when I keep a browser window open on say the main page, new windows are loged in already. So it seems that until I logout of KDE I still have a permanent login.

Quess what people are going to do.

+3 for ‘remember me’.

…but randomise autologins for FuryWS!

+4 for remember me

+N for remember me

What it means sensei?

+1 more for remember me

It’s a manual vote tally. The folks that post ‘+x Remember me’ are saying that they vote for having the site keeping them logged on (remember me) for some period of time. Apparently they were not paying attention to Kastorff who stated that it is a by product of iChain, which implies that it will not be changing anytime soon.

I did wish that there was a remember me feature, until I read FuryWS’s post. I never thought of that…

It’s not as easy, but it’s not that big of a deal.

If you’re using Firefox, it can be really simple. You can make Firefox remember your username and password for the login fields and just hit the login button. Not as easy as just staying logged in, but it makes it a lot easier than entering the information every time.

True…we have no say in how iChain’s global timeout value is configured. That’s an internal Novell decision.

Thanks harryc56, I completely misunderstood :confused: but now I do.

kgroneman said in another thread that the remember function was set to 1 hour. But I’ve seen a few people state that for them it’s zero time. It’s zero for me too. The 1 hour isn’t finding its way here from Novell.

Marcus Rueckert (darix) has been working on OpenID support for all openSUSE websites, and when this is implemented it won’t suffer many of iChain’s flaws such as this. So at least there is an eventual plan to fix this problem, but it might take some time.

Equally easy for konqueror + kwallet as well. You do need to hit the login button as you arrive but that’s really not a major nuisance… :slight_smile:

It is just what you call ‘major’. All the time I click on a thread in my RSS feeder or in my mail box, it opens without login and because of that it is not in my skin and not in my timezone. Then I click login, get the loginpage (filled in by kwallet), click again and there we are (ONLY two clicks more). But after I read and maybe answered I delete the window (may be stupid, but old habit) and go to the next thread: WRONG AGAIN. Sometimes I login more then 10 times an hour. Do not like it realy.

My by-pass: keep an iconised window open with the main page (or any page) of the site. But if that is something that the security gurus who invented this are happy with, I don’t know :wink:

If anything is worse than permanent login, it’s OpenID. Just think about it: the single log on to all the websites you use on the net, in hands of a third party and in the mercy of their security strengths or weaknesses.

All access, to all your online data, available with ONE url and password.

Firefox’ master password feature is neat. I don’t know if other browsers have it, and Konqueror can use KWallet.

What CAN be done, though, is to change the forum template and add username/login form to all pages (if you’re not logged in), that way you can autologin when you reach the forum, just hit login, assuming your browser stored username/password.