Cyclos session expired behavior

Functionality discussions and feature requests

cycloshost
Posts: 578
Joined: Mon Jan 30, 2012 8:12 am

Cyclos session expired behavior

Post by cycloshost »

Hi,

We observed that in most banks, when the session is expired (for example after 15 min.), the browser automatically disconnects and logs off, offering the user the login page with an explanation message. Now in Cyclos the browser maintains the session and the logoff is made only when clicking another page.

Did you think about the possibility of implementing this kind of logoff behavior in Cyclos?
cycloshost.com
Cyclos administration and hosting

admin
Site Admin
Posts: 1422
Joined: Mon Jan 24, 2005 10:31 am

Re: Cyclos session expired behavior

Post by admin »

Disconnecting users and showing the login page can be problematic for users because you can lose input data. Some banks just show a 'session expired' message with an option to log in. That seems more correct to us. We will put this on the wishlist. Thanks for the suggestion.

simonjwoolf
Posts: 113
Joined: Mon May 28, 2012 8:49 am

Re: Cyclos session expired behavior

Post by simonjwoolf »

I would like to jump in here with a related client request we have had.

Currently there seems to be a security issue with Cyclos, in that if a user's session expires or they log out, it is still possible to use the back button to access logged-in pages which they visited in the previous session. This is a security risk, particularly for users who might use a shared computer (e.g. in an internet cafe).

Surely the app should be set to expire all pages immediately, to prevent this behaviour?

Simon.
---
Simon Woolf
Cyclos Consultant

admin
Site Admin
Posts: 1422
Joined: Mon Jan 24, 2005 10:31 am

Re: Cyclos session expired behavior

Post by admin »

Issues with the browser back are always complex. We will have a look at it.
