[keycloak-dev] Enable remember me by default
Stian Thorgersen
stian at redhat.com
Fri Jul 3 07:29:31 EDT 2015
----- Original Message -----
> From: "Stan Silvert" <ssilvert at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 3 July, 2015 12:54:05 PM
> Subject: Re: [keycloak-dev] Enable remember me by default
>
> On 7/3/2015 4:14 AM, Stian Thorgersen wrote:
> > Should we have remember-me enabled by default for a new realm, and also
> > have the option clicked by default on the login form?
> >
> > In most cases a user would want to have this enabled. In the case a user
> > uses a shared computer it's recommended to use private/incognito mode in
> > either case, which will automatically clear all cookies and history.
> I vote no. I'm betting that most ordinary users don't even know that
> private/incognito mode exists. If they did, they wouldn't fully
> understand what it does.
End of the day users have to understand that if they use a shared machine they should either use private mode or log out. Closing the browser isn't guaranteed to clear the session (Chrome could be running in background, there could be a minimized window, etc.).
In fact quite a few sites do enable this by default, for example Google and Twitter. GitHub doesn't even provide an option they just always enable it.
>
> I'm also betting that most users don't really know what remember-me does
> either.
True - maybe we should change the label to "Stay signed in"
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list