blinktrade / bitex

BlinkTrade - Open Source Bitcoin Exchange
GNU General Public License v3.0

Keep getting signed out #12

Open amingilani opened 10 years ago

amingilani commented 10 years ago

Refreshing the page or clicking the logo signs a user out. Even if you've just signed in.

amingilani commented 10 years ago

Don't mind me, I'll be a pest about all the issues I see. I love the fact that this is open source software, which is why I can keep giving my input.

pinhopro commented 10 years ago

This is a security measure. It is a single page application using a WebSocket connection.

So, whenever you close your browser or refresh the page, your connection will be closed and you will be forced to log in again.

Also, there is no need to refresh, because the app is realtime. There are some grids that require the user to refresh, but there is always a refresh button inside the grid, so you don't have to click on it.

Creating sessions is dangerous, since most of the users do not log out when they leave a website. This opens the door to hackers.

amingilani commented 10 years ago

Wouldn't it be more practical to close a session after a 15 minute window, instead of instantaneously when the Logo is clicked? It's a good tradeoff between security and usability.

I understand the refresh case will be a tad bit more difficult to deal with.

pinhopro commented 10 years ago

15 minutes is enough for a hacker to clean your account :)

Clicking on the logo should take you to the initial page. I will fix that.

amingilani commented 10 years ago

Thank you for that. However, I'd still encourage you to keep this issue open. CEX.io has a timeout of 15 minutes, Coinbase goes even longer. Let this issue gain a few more votes please.

felipecsl commented 9 years ago

+1 for keeping a session open and maybe allow users to request a 2FA token upon every action, which could be a nice security countermeasure.
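
The trade-off discussed in this thread, as an added example that is not part of the thread or of the BlinkTrade code: a server-side session with the 15-minute idle timeout proposed above, where sensitive actions also need a fresh TOTP code, so a session left open in an unattended browser cannot move funds on its own. The `SessionStore` class, the action names and the return strings are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

IDLE_TIMEOUT = 15 * 60                        # the 15-minute window proposed in the thread
SENSITIVE = {"withdraw", "change_password"}   # assumed action names

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class SessionStore:
    """Hypothetical server-side session table with idle expiry and step-up 2FA."""

    def __init__(self):
        self._sessions = {}    # token -> [user, totp_secret, last_seen]
        self._used = set()     # (token, time step) pairs already spent on a code

    def login(self, user: str, totp_secret: bytes, now: float) -> str:
        token = secrets.token_urlsafe(32)     # unguessable session identifier
        self._sessions[token] = [user, totp_secret, now]
        return token

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)

    def authorize(self, token: str, action: str, now: float, otp: str = None) -> str:
        session = self._sessions.get(token)
        if session is None:
            return "login_required"
        _user, secret, last_seen = session
        if now - last_seen > IDLE_TIMEOUT:    # idle too long: drop the session
            del self._sessions[token]
            return "login_required"
        if action in SENSITIVE:               # a live session alone is not enough
            spent = (token, int(now) // 30)
            fresh = otp is not None and spent not in self._used and hmac.compare_digest(
                otp.encode(), totp(secret, now).encode())
            if not fresh:
                return "2fa_required"
            self._used.add(spent)             # one code authorizes one action
        session[2] = now                      # sliding window: activity resets the timer
        return "ok"
```

The clock is passed in as `now` so the expiry and replay behaviour can be checked deterministically; a real deployment would also bound the absolute session lifetime and rate-limit code attempts.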

pinhopro commented 9 years ago

Hi @felipecsl and @amingilani

Are you still having connection issues?

Thanks, Rodrigo