[horde] Displaying user name after AutoLogOff
Jan Schneider
jan at horde.org
Wed Feb 26 09:59:19 UTC 2014
Zitat von Uwe Heber <uwe at d2ux.org>:
> Am 24.02.2014 21:07, schrieb Michael M Slusarz:
>> Quoting Jan Schneider <jan at horde.org>:
>>
>>> Zitat von Uwe Heber <uwe at d2ux.org>:
>>>
>>>> Hello together,
>>>>
>>>> I just wanted to ask, if you consider it as helpful when the user name
>>>> is displayed after AutoLogOff in the login screen of Horde-UI.
>>>>
>>>> Or is there maybe already a way to set this configurationally?
>>>>
>>>> Thanks for your feedback.
>>>>
>>>> Best regards,
>>>> Uwe
>>>
>>> Not sure what you mean. Do you want the user name field pre-filled in
>>> the login screen after being logged off by an expired session? Sounds
>>> like a bad idea to me. What's your rationale?
>>
>> Also, if the session is truly expired (i.e. doesn't even exist), how
>> do you even retrieve the username?
>>
>> michael
> Hello list,
>
> I am thinking about acookie whichcontains the encrypted user ID and
> which could be evaluated, as in the "remember me" functionality.
>
> Do you consider itas safety-critical if the user name was displayed
> inthe login formafter Auto-LogOff?
Yes, one of the main reason for expiring sessions is to automatically
log off user who have forgotten to log out manually. Showing those
users' names to anyone walking by the computer is an undesired
information disclosure.
> Is there already a "remember me"
> function in Horde? Could this bean option?
No. Maybe.
--
Jan Schneider
The Horde Project
http://www.horde.org/
https://www.facebook.com/hordeproject
More information about the horde
mailing list