Forums » SEPHP Help and Tips

Remember Me Checkbox

    • 100 posts
    December 16, 2019 5:21 AM EST

    Hello folks,

    Since we've upgraded to 4.10.5 I have been getting complaints that the "remember me" checkbox isn't working anymore and our users have to login each time they visit the site.


    I know that enabling that feature is considered a security risk, but it's worth it to me to keep all the users from complaining to me!

     

    Any suggestions greatly appreciated!
    Nancy

    • Moderator
    • 5236 posts
    December 16, 2019 5:28 AM EST

    Yeah I delete that from my site it's so unsafe. Anyway, if you choose to use it, have them check their browser cookie settings. Good luck. 

  • December 17, 2019 11:18 PM EST

    I didn't realize you could disable it.

    • Moderator
    • 5236 posts
    December 18, 2019 7:22 AM EST
    Elshara Silverheart said:

    I didn't realize you could disable it.

    I manually remove it from the code. Security experts said using those is not recommended. You can see how bad it can be with Facebook. How many friends of yours have been hacked? I've had many. I assume it's from the lazy login feature of the past. It looks like they've removed it too though.

  • December 18, 2019 12:35 PM EST

    You know, encrypted login support like what Quora has via email verification coupled with security questions or better yet, verified browser sessions via cookies might make this process a lot easier and less hackable because the browser itself originating the request has to sign in to that encrypted email within a certain amount of time and password attempts from a new session to be able to verify itself properly before continuing.

    What I consider to be lazy login, is a password system itself. It's not ideal, never has been and people forget them all the time. If the password itself was something more secure, behind the scenes and on device encryption protocols, then only a traffic sniffer on the browser session itself would be able to have access to the data running through it and the server. If something like that hacked the server, it would need to verify tokens only the browser would have originating requests to data on the server, therefore no security breach could take place. Especially if to access the server, you needed its own token in that same space to be able to get anywhere, which is different than generating SSH keys.

    We can dream, though. I know I'm forgetting something crucial like the ability to have saved devices remember you only if your browser sessions on the device matched its last location verified by a local IP and network name.

    • 100 posts
    December 21, 2019 8:41 PM EST

    How do you disable/remove it from the code? If it's not working properly for us AND it is a security risk, I'd rather just remove the checkbox altogether....

    • Moderator
    • 5236 posts
    December 23, 2019 7:10 AM EST

    I don't have that info right now as it was a source edit but I'll try to look when I get time.

    • 100 posts
    December 23, 2019 11:38 AM EST

    Thank you Donna, no rush of course! I just changed the language to say "Remember Me is Disabled" for now.


    Merry Christmas if you celebrate!

    • Moderator
    • 5236 posts
    December 24, 2019 4:51 AM EST

    Merry Christmas!!

    • 100 posts
    January 1, 2020 7:48 AM EST

    Have you had a chance to see how to remove this? I currently have this and it looks kinda dumb, frown

    • Moderator
    • 5236 posts
    January 1, 2020 1:15 PM EST

    I had done it two ways, and the most current is just with CSS which does not modify source files and works on my site using default theme. This is what I have:

    #user_form_login.global_form_box #remember-wrapper { display: none; } .signup_login_popup_wrapper #buttons-wrapper #remember-wrapper { display: none; } #user_form_login #remember-wrapper { display: none; }
    • 100 posts
    January 1, 2020 3:50 PM EST

    That worked! You're a genius. :)

     

     

    • Moderator
    • 5236 posts
    January 2, 2020 4:53 AM EST

    LOL, Glad it worked.

    • 8 posts
    August 26, 2020 12:15 PM EDT
    Donna said:

    Yeah I delete that from my site it's so unsafe. Anyway, if you choose to use it, have them check their browser cookie settings. Good luck. 

    Hi, are you able to elaborate more on the browser cookie settings?

     

    Is it something that my website can enable for them?