On hold

Remote log-out and why

  • 27 September 2019
  • 4 replies
  • 44 views

Userlevel 7
Badge +11
  • Rocket Scientist
  • 10887 replies

Given that you remain logged in unless action is taken to log out, it's possible to remain logged in on a computer you may not have access to where you may have forgotten to log out.
Gmail solves this problem with an option to log out of all active sessions from anywhere as long as you log in.
I'd like to see the same facility on PP account logins and the community. It's important, if I'm somewhere else and I forget to log out, anyone else opening purepla.net or community.purepla.net will be logged in as the last login. It's a security issue.
I know it affects relatively few, but still...


4 replies

Hey @woz
Adding your post to the existing idea.
It's not being ignored. It's just very complex!
Userlevel 7
Badge +11
As much as I applaud the ease of staying logged in unless you log out, there's an issue with persistent login if you're on another computer and forget to log out.
Anyone coming to that computer can potentially be logged into your account.

On gmail (for example) you have the ability to remotely log out of all sessions. Please can we have this as a feature for those who may not be on their own computer and have forgotten to log out?
This is a massive security hole even though it may be self created by forgetting (and I have).

(Also there may be changes coming which may (I don't know) mean that community and account logins are synchronised although that's a bit of an aside but if true this is even more important)

Moving this one to ‘On Hold’.

We’ve got a long priority list. This one’s v complex and it’s not on the list.

Userlevel 7
Badge +11

It’s not quite the same as it was, as I said in another post which I cant find now, I’ve had two situations now, one where I was almost permanently excluded (but for my phone generating a login mail I wouldn’t have got back in and potentially no means of communicating unless you have the app which isn’t primarily designed for community but for accessing account)

The other being that the login button appears but when clicked no mail is generated you are logged in but you don’t know it until the button is clicked.

You’re right it’s complex  and there is still a potential security issue.

Reply