ForumsQuestionsStaying logged in on the website


Staying logged in on the website
Author Message
Rory

Posted: Jul 06, 2009
Score: 0 Reference
Hi,

I'm using Google Chrome 3.0.191.3, and I remain logged in even after closing the browser. I've made sure that I don't have the check box set for 'remember me for next time', so it's not that.

I don't have other browser windows open, and my google account (which is also set to not stay logged in) correctly requests my login information again.

I tried this in Firefox and it seems to have the same issue. Is this a known problem, or do I need to change something?

Cheers,

Rory
replytoken

Posted: Jul 07, 2009
Score: 0 Reference
I do not know if it is a problem, but I experience the same behavior w/IE or Chrome.

--Ken
Anders

Posted: Jul 07, 2009
Score: 0 Reference
I would guess it is a cookie thing. Have you tried deleting cookies after closing the browser, or setting your browser to do so automatically (I actually thought Chrome did that by default, but perhaps not)?
Rory

Posted: Jul 07, 2009
Score: 0 Reference
Well I don't want it to delete all of my cookies when the browser closes since they're useful for other websites I visit. I thought that the cookie should be invalid the next time I come to the site if that check box isn't set?

I tried this on Firefox for mac and I have the same problem. It seems like that login flag just isn't working.
Jake

Toodledo Founder
Posted: Jul 07, 2009
Score: 0 Reference
When you sign in, it will always keep you signed in for 1 week. The "Remember me" box just pre-fills your email address into the box when you return, so you have less typing. Closing your browser will not sign you out of Toodledo. You'll need to use the "Sign Out" link to sign out.
Rory

Posted: Jul 07, 2009
Score: 0 Reference
Ok, so this is by design? It seems like most websites which hold potentially sensitive data online (like banks, email services, amazon) will not keep you logged in after closing the browser unless you have checked the option to do so (if there even is one).

Have you guys considered doing the same? This seems much safer to me, since I don't have to remember to sign out every time I use a computer to access Toodledo.
Jake

Toodledo Founder
Posted: Jul 07, 2009
Score: 0 Reference
Yeah, we have considered this and it is on our to-do list.
Rory

Posted: Jul 07, 2009
Score: 0 Reference
Great, thanks. I really like Toodledo, and the fact that it is actively improving is a great sign. Keep up the good work!
rdd

Posted: Nov 23, 2009
Score: 0 Reference
What is the status of this?

I notice I am often forgetting to sign out, which worries me quite a bit.
Jake

Toodledo Founder
Posted: Nov 23, 2009
Score: 0 Reference
It is still on our to-do list. I am sorry that we don't have an update on this. Some web browsers or browser plugins have the ability to delete cookies when quitting the web browser. This might be an interim solution that you may want to look into.
clark

Posted: Apr 16, 2010
Score: 0 Reference
I have read more of the history here, seems like this lack of logging off is a known issue for a long while now. This is a security problem for a fee service like yours, please acknowledge that "remembering to sign out" is not acceptable.

I don't have a problem if to preserve security I can't use the plug-in. This needs a resolution.

Deleting cookies on exit is NOT a solution as it deletes key Cookie for systems I need to remain.


This message was edited Apr 16, 2010.
Jake

Toodledo Founder
Posted: Apr 16, 2010
Score: 0 Reference
Sorry, this is still on the todo list.
Fred_Foote

Posted: May 03, 2010
Score: 0 Reference
I'm adding my voice to a desire to make logging-out-upon-exiting the default behavior for safety. With some password programs, logging in when one specifically wants to (and knows the passwords) is not so time-consuming.
eykanal

Posted: May 03, 2010
Score: 0 Reference
For those of you who consider this a security issue, I'd just like to mirror my post here and point out that many high-profile websites (such as gmail, facebook, nytimes, twitter, and others) follow this logging-in model. In order to log out of gmail, you need to click "log out." The assumption is that your computer is secured via your login password. If your login password is not secure, update that first, then worry about your cloud-based services.

This message was edited May 03, 2010.
plaird

Posted: May 04, 2010
Score: 0 Reference
I hope whatever fix you come up with does not mean I can't continue to be signed in for two weeks. I am back and forth onto ToodleDo so often, I would really hate to have to be signing in and out each time.
Jake

Toodledo Founder
Posted: May 05, 2010
Score: 0 Reference
We have just changed the signin behavior to address this.

http://www.toodledo.com/forums/1/5893/0/security-changes-to-signin.html
danorris

Posted: May 28, 2010
Score: 0 Reference
NOTE: Even with the fix (Thanks Toodledo!), you may still experience the problem in Safari if you have "Private Browsing" enabled (it blocks cookies, history, etc). Turn off Private Browsing and Sign Out with no problems!
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.