
Cyclos session expired behavior

Posted: Wed Feb 27, 2013 7:13 am
by cycloshost
Hi,

We observed that in most banks when the session is expired (for example after 15 min.) the browser is automatically disconnecting and logging off, offering the user the login page with an explanation message. Now in Cyclos the browser maintains the session and the logoff is made only when clicking another page.

Did you think about the possibility of implementing this kind of logoff behavior in Cyclos?

Re: Cyclos session expired behavior

Posted: Wed Feb 27, 2013 1:54 pm
by admin
Disconnecting users and showing the login page can be problematic for users because you can lose input data. Some banks just show a 'session expired' message with an option to log in. That seems more correct to us. We will put this on the wishlist. Thanks for the suggestion.

Re: Cyclos session expired behavior

Posted: Wed Feb 27, 2013 2:03 pm
by simonjwoolf
I would like to jump in here with a related client request we have had.

Currently there seems to be a security issue with Cyclos, in that if a user's session expires or they log out, it is still possible to use the back button to access logged-in pages which they visited in the previous session. This is a security risk, particularly for users who might use a shared computer (e.g. in an internet cafe).

Surely the app should be set to expire all pages immediately, to prevent this behaviour?

Simon.

Re: Cyclos session expired behavior

Posted: Wed Feb 27, 2013 3:14 pm
by admin
Issues with the browser back are always complex. We will have a look at it.
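
For the back-button issue raised in this thread, the usual server-side mitigation is to send `Cache-Control: no-store` on every page behind the login, so the browser keeps no copy to show after logout or session expiry. The following check is an added example, not part of the thread and not Cyclos code; the function names and the sample headers are constructed for illustration.

```python
# Added example: audit the response headers of a page served behind a login.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_authenticated_response(headers):
    """Return a list of findings. An empty list means the browser is told
    not to keep a copy it could show again via the back button."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("missing no-store: browser may keep a copy of the page")
        max_age = cc.get("max-age")
        if max_age is not None and max_age.isdigit() and int(max_age) > 0:
            findings.append(f"max-age={max_age}: copy is reused without revalidation")
    if "public" in cc:
        findings.append("public: shared caches may store the page")
    return findings


# Headers a server-side filter could set on every page behind the login.
HARDENED = {
    "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
    "Pragma": "no-cache",  # for HTTP/1.0 clients and old proxies
    "Expires": "0",        # invalid date, treated as already expired
}

# Constructed sample: a response that only limits caching to the browser.
WEAK = {"Cache-Control": "private, max-age=600"}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_authenticated_response(sample) or "ok")
```

Headers only stop the browser from replaying an old copy; the server still has to invalidate the session on logout and on timeout so that any re-request is redirected to the login page.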