Re: [keycloak-dev] Enable remember me by default
----- Original Message -----
From: "Stan Silvert" <ssilvert(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 3 July, 2015 12:54:05 PM
Subject: Re: [keycloak-dev] Enable remember me by default
On 7/3/2015 4:14 AM, Stian Thorgersen wrote:
> Should we have remember-me enabled by default for a new realm, and also
> have the option clicked by default on the login form?
>
> In most cases a user would want to have this enabled. In the case a user
> uses a shared computer it's recommended to use private/incognito mode in
> either case, which will automatically clear all cookies and history.
I vote no. I'm betting that most ordinary users don't even know that
private/incognito mode exists. If they did, they wouldn't fully
understand what it does.
End of the day users have to understand that if they use a shared machine they should
either use private mode or log out. Closing the browser isn't guaranteed to clear the
session (Chrome could be running in background, there could be a minimized window, etc.).
In fact quite a few sites do enable this by default, for example Google and Twitter.
GitHub doesn't even provide an option they just always enable it.
I'm also betting that most users don't really know what remember-me does
either.
True - maybe we should change the label to "Stay signed in"
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev