
[Security] Automatically sign out user after certain period of time

Antti Hukkanen
04/02/2021 14:11
Completed

**Is your feature request related to a problem? Please describe.**

Currently we have the possibility to configure "timeout_in" time which closes the session at Decidim's side after a certain period of inactivity. This is fine, as long as we don't have any external sign in options which also need their own sign out flows during the sign out from Decidim.

Another issue is that the user is not informed that their session is about to expire and it may come as a surprise that they were signed out.

**Describe the solution you'd like**

We'd like to have these changes to the session termination:

  • E.g. 1-2 minutes before the session is about to expire, the user should be shown a session expiration modal which states that their session is about to expire.
  • If the user wants, they could extend their session by clicking a button from that window.
  • When the session is automatically terminated, send the user to the normal sign out flow so that the user is also signed out from any external services that could be possibly configured for the sign out flow through Omniauth.
  • After the user is signed out automatically, show a special message that explains to the user what happened, so they are not left wondering what just happened.

**Describe alternatives you've considered**

As mentioned, the alternative to this is already part of Devise but it does not take into consideration the external services' sign out flows. Also, the user experience is not the greatest as the user will not get clear information about what happened and why.

**Additional context**

Similar concepts to what is proposed can be seen e.g. in online banking. This is an important feature when we provide strong authentication to the users as other people could possibly use their credentials if they did not sign out from the service.

**Could this issue impact users' private data?**

Yes, this has a positive impact on users' private data. Implementing these features keeps the user more secure.

**Funded by**

Mainio Tech

  • Category: Participant profile and personal settings

Development of this proposal has been completed

  • Reviewed by @product and accepted in the main project
  • Funded by Mainio Tech
  • Developed by Mainio Tech
  • Available in release 0.24 via #7282

Endorsements: 1 (Decidim Product)

Reference: MDC-PROP-2021-02-16220
Version 3 (of 3)
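
The warn, extend and sign-out sequence the proposal describes, sketched as an added example that is not Decidim's or the proposal author's code. The callbacks `showWarning` and `signOut`, the 120-second warning lead and the server-reported remaining lifetime are assumptions.

```javascript
// Added example (not Decidim's code). The server-side timeout (Devise's
// timeout_in) stays authoritative; this only drives the warning and sign-out UX.
const WARN_BEFORE_S = 120; // assumed: warn 2 minutes before expiry

// Pure decision: what should the page do with `remainingS` seconds left?
function sessionState(remainingS, warnBeforeS = WARN_BEFORE_S) {
  if (remainingS <= 0) return "expired";
  if (remainingS <= warnBeforeS) return "warn";
  return "active";
}

class SessionWatcher {
  // now(): clock in seconds; showWarning(remainingS) and signOut(reason) are
  // hypothetical callbacks supplied by the page.
  constructor({ now, timeoutInS, showWarning, signOut }) {
    Object.assign(this, { now, timeoutInS, showWarning, signOut });
    this.expiresAtS = now() + timeoutInS;
    this.warned = false;
    this.done = false;
  }

  // Call periodically (e.g. from setInterval). Returns the current state.
  tick() {
    if (this.done) return "expired";
    const remaining = this.expiresAtS - this.now();
    const state = sessionState(remaining);
    if (state === "warn" && !this.warned) {
      this.warned = true;        // show the modal once, not on every tick
      this.showWarning(remaining);
    } else if (state === "expired") {
      this.done = true;          // run the full sign-out flow exactly once
      this.signOut("timeout");   // reason lets the next page explain why
    }
    return state;
  }

  // Call after the server confirmed the extension and reported the new
  // remaining lifetime; a click alone must never extend the client timer.
  extended(serverRemainingS) {
    if (this.done) return false; // too late: the session is already closed
    this.expiresAtS = this.now() + serverRemainingS;
    this.warned = false;
    return true;
  }
}
```

Wiring `signOut` to the application's normal sign-out request, rather than simply letting the session lapse, is what lets any external sign-out flow configured through Omniauth run as well.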
