I've noticed the session timeout on lds.org is pretty short. I find this to be counterproductive as I visit the site several times a day to get phone numbers or look up member information.
I can understand someone thinking it somehow increases security, but in reality all it does is force me to use my browser's ID caching to let me log in reasonably quickly. There's in fact no security benefit whatever to a short session timeout that I can think of.
Is it possible to get it increased?
Session expiry
-
- Community Moderators
- Posts: 9858
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
I have no problems with this. But I check the 'Remember me?' box when I logon to create a never ending session cookie.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
-
- Community Administrator
- Posts: 34417
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
How short is it? I think many web sites use something like 20 minutes for the session set on the web server itself. Unless you do a "Remember me" you'll always have to be logging back in. The only exception might be if there's active content on the screen that causes the browser to request periodic updates which function as a "keep alive".
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Senior Member
- Posts: 3907
- Joined: Mon Sep 24, 2007 9:17 am
- Location: Cumming, GA, USA
jdlessley wrote:I have no problems with this. But I check the 'Remember me?' box when I logon to create a never ending session cookie.
I've never seen a 'Remember me?' box for the main lds.org login. Where did you find that?
-
- Community Moderators
- Posts: 9858
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
There is no 'Remember me?' for the main lds.org site now that I look at it. There is one for the forum. So I guess I can't say why I never have any problem with sessions expiring. For each site I visit that requires LDS Account logon I have never had a session expire. But then my activity on the site may keep the session timer updated.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
- tomjoht
- Member
- Posts: 362
- Joined: Tue Dec 21, 2010 12:48 pm
- Location: Utah, USA
- Contact:
- tomjoht
- Member
- Posts: 362
- Joined: Tue Dec 21, 2010 12:48 pm
- Location: Utah, USA
- Contact:
- MatthewEhle
- New Member
- Posts: 16
- Joined: Fri Aug 12, 2011 2:07 pm
- Location: Riverton, Utah
johnsonth wrote:It turns out that sessions expire when you go from https to http. There's a fix planned for this that will be implemented in Q1 of 2012. If you don't cross from https to http, the max session timeout is 10 hours. Idle timeout is 60 minutes.
Right now, all the parts of lds.org that are SSO (single sign-on) can only have one timeout value. Thus, we have had to compromise on timeout values for sensitive applications (financials, member-leader, etc.) and those are less sensitive (scriptures, music, etc.). That's why lds.org may have a shorter timeout value than one would expect. There is no guarantee on this, but we are also looking at technology that will allow us to have different session timeouts for different parts of lds.org.
I'm glad you found that your issue came from the crossover from HTTPS to HTTP. I was partially responsible for implementing that security change. However, I'm not sure what fix you are referring to. Is there some part of lds.org that is redirecting or linking you to HTTP? The session loss when going to HTTP is an intentional change that we made earlier this summer, and there are no plans to change it.
Matthew Ehle
Access Management Engineer
Access Management Engineer