Forums that logout your account frequently?

[Heatman]

Have you ever been in a forum where you're usually being logged out whenever you leave them page for a few minutes?

Personally, I find it very annoying to be logging in all the time when I didn't logout myself.

What could be the reason why accounts are logged out frequently?

 

[Tracy]

Resource conservation. Remember, Invision used to price their SaaS hosting by number of active user connections (they no longer do this).
Xenforo currently uses connected users as part of their metrics for determining what tier you pay for.
I'm not sure what Woltlab or vBulletin do for their SaaS as I have no interest in using their offerings.
So I can see an admin kicking folks off that are not active for 10-20 minutes to free up those connections.

 

[Shawn Gossman]

Sometimes, it could be forum/server problems as well, especially if you go using www. but the forum is setup without www.

 

[Tracy]

Sometimes, it could be forum/server problems as well, especially if you go using www. but the forum is setup without www.

That should never happen on a correctly set up site. As an example, all my inbound rewrites happen at the CF level even before it gets to my server, so the connectinig people are always SSL and the base domain name.
Even prior to setting it up that way, nginx redirected all inbound traffic (except a few that needed http apparently) to the https and root domain.
It can happen if a server gets restarted or the HTTP process is restarted.

 

[Heatman]

Resource conservation. Remember, Invision used to price their SaaS hosting by number of active user connections (they no longer do this).
Xenforo currently uses connected users as part of their metrics for determining what tier you pay for.
I'm not sure what Woltlab or vBulletin do for their SaaS as I have no interest in using their offerings.
So I can see an admin kicking folks off that are not active for 10-20 minutes to free up those connections.

No matter what reason they have for doing it, I don't like it one bit. It made me quit using a particular forum for overdoing it. It was so bad I even get logged out when I'm still online and open in the forum's page.

 

[Tracy]

No matter what reason they have for doing it, I don't like it one bit. It made me quit using a particular forum for overdoing it. It was so bad I even get logged out when I'm still online and open in the forum's page.

Remember the old saying... as it does apply.
Time IS money.
I have no issues with someone timing out a connection with 30 minutes of no activity.
Where this really hits hard also is on those cheap shared hosting plans that only allow XX number of MySQL connections. So yes, whether you like it or not, your convenience does not outweigh the cost of visiting a site that you probably have invested no money into and possibly a few hours of posting time. The admin has to determine what they can afford to keep offering a site.
I look at this from both sides. It's one reason that I have it set a little higher than most, but I also run on my own infrastructure (VPS or dedi) so I'm not at the whims of a hosting provider that charges me by connections.

 

[Shawn Gossman]

I have no issues with someone timing out a connection with 30 minutes of no activity.

Most websites are doing that these days, especially financial ones.

 

[Tracy]

For financial ones, it is more a security related issue. There are still people that go into a public library and access their web based accounts on those computers. Some of them even forget to sign out when they walk away.

 

[frm]

No matter what reason they have for doing it, I don't like it one bit. It made me quit using a particular forum for overdoing it. It was so bad I even get logged out when I'm still online and open in the forum's page.

XenForo has a cookie prefix setting ($config['cookie']['prefix'] = 'xf_';) for a reason.

If you're a new admin, you might've set up a dev installation using the default (xf_) and there be a conflict to have to change either/or at one time, knocking everyone offline. This is why I prefer subdomains on different instances for developing, but some do it in a sub-directory of the main domain which will cause a conflict if they don't explicitly set the cookie prefix in the first place.

For financial ones, it is more a security related issue. There are still people that go into a public library and access their web based accounts on those computers. Some of them even forget to sign out when they walk away.

Sometimes I have to use the library to print stuff and file it in the US as we have different-sized paper here (A4 measures 8.5 x 11 inches compared to the international A4 at 8.27 x 11.69) and I want to ensure it's scanned in properly on their end. I know that I log out of everything before leaving, and that our library wipes everything on logout/auto-logs out after timeout (history, cookies, saved passwords, etc.), but I still log back in to see if my email is still open, just in case.

That's wild that your library still saves the previous user's inputs.

 

[Tracy]

That's wild that your library still saves the previous user's inputs.

Only until I became the IT director for that city. A lot of things changed then. And a lot of employees griped that their screens would be locked after 10 minutes of no activity and they had to sign back in. On the dumb terminals and on the Windows machines.
We found a vendor that had software that was for use on public computers that you had to log into and it was set up to only keep you logged in for the session time you were set up for. It gave you a 10 then a 5 minute warning before you were logged out at the end of your time.
I forget who the vendor was as that's been years ago, but it was a nice function. Before then, the computers were just left logged in and anyone wanting to use them walked up and did so. We also have filters on the inbound/outbound traffic to prevent them being used other than for their intended purpose.

 

[frm]

I forget who the vendor was as that's been years ago, but it was a nice function. Before then, the computers were just left logged in and anyone wanting to use them walked up and did so. We also have filters on the inbound/outbound traffic to prevent them being used other than for their intended purpose.

Oh yeah, back in the '90s/2000s, this was the greatest way a teen could get into "trolling" (before that was a thing), by logging into previously used accounts.

I'm sure there's an update soon that'll use the webcam and AI to determine if a human is there and to lock down if a new human appears without the original on to log out without the timeout.

 

[Heatman]

XenForo has a cookie prefix setting ($config['cookie']['prefix'] = 'xf_';) for a reason.

If you're a new admin, you might've set up a dev installation using the default (xf_) and there be a conflict to have to change either/or at one time, knocking everyone offline. This is why I prefer subdomains on different instances for developing, but some do it in a sub-directory of the main domain which will cause a conflict if they don't explicitly set the cookie prefix in the first place.

I hope that the rest of new guys who are going to set up their forums with XenForo and other forum software like phpbb because I'm currently in a forum it happens get it right or they'll keep losing someone like me.