Below the login credentials there is this cryptic “remember me” that doesn’t mean anything at all.
Remember me for what, for how long and what for?
The correct syntax for such checkboxes is:
Remember me for XX days on this computer
Read-only archive : Issues · ClassicPress/ClassicPress · GitHub
Author : John
Vote count : 21
Status : open
Comments
I agree it isn’t incredibly self-explanatory, although, in well over a decade, I’ve never once been asked by anyone what it means. I think it’s pretty universal by now, but that’s just a guess. At any rate, this text can be easily changed on a case-by-case basis with the following code-snip, so it seems a bit much to add it to core.
add_filter(‘gettext’, ‘copo_remember_me_text’, 10, 3);
~ posted by Code Potent
I’m not sure about your statement that it is self explanatory. What would be? That your login is remembered? Then why I’m I logged out after some time?
Many clients of mine are asking about that, others of course don’t really care as the login once in a while only and when they come back they are always logged out anyhow.
This setting should be detailed for visitors + configurable by admins.
~ posted by John
This is one of those things where I still find myself wondering “huh, I wonder how that works exactly” and then ultimately ignoring it. It could definitely be improved, but I don’t think it’s a high priority that causes lots of difficulty with the platform either.
If this is going to continue to exist then I would support changing it to “Remember me for XX days on this computer”.
@mark kaplun: when such a UI is done thoroughly it usually asks you whether you’re using the site on a trusted/permanent device.
Though maybe even those prompts shouldn’t exist. What an untrusted device chooses to do with your cookies is the least of your concerns if you’re typing passwords in there.
~ posted by James Nylen
@James , agree to both your comments. This obviously needs some more thinking, but if you login from an untrusted device and this could mean just internet kiosk which do not properly clean all browser history when restarting for new user, then the cookies should be set to session only, not even the default two days.
Maybe the right thing is to use session cookies by default and let the user set something like device trust level from the admin.
Using session as default might also be a good way to fight CSRF
~ posted by mark kaplun
At first glance it sounds like a minor issue, but it actually could be a significant change (improvement) from WordPress Core if done well.
We have many managed hosting clients that install third party plugins in order to save their customers’ login sessions longer, esp. for WooCommerce.
If this is going to continue to exist then I would support changing it to “Remember me for XX days on this computer”.
This sounds about perfect. Maybe 30 days is a good default?
This obviously needs some more thinking, but if you login from an untrusted device and this could mean just internet kiosk which do not properly clean all browser history when restarting for new user, then the cookies should be set to session only, not even the default two days.
These are very interesting ideas, however might be getting too complex for basic Core features I think. However, by keeping in mind potential customization it might provide for easier session tweaking when using third party plugins.
~ posted by Jesse
viktor
December 9, 2021, 7:53pm
3
What is everyone’s thoughts on this? Should we improve it or remove it for security? Since I’m working on the login form, I can take a look at this. Especially if we can remove it, so the username isn’t being saved to the browser.
james
December 9, 2021, 8:01pm
4
I don’t think this should be removed, that wouldn’t really improve security and it would definitely hurt convenience.
A good next step here would be to look into what this actually does and improve the wording. Maybe something like “Remember me for XX days on this computer”.
3 Likes
The “remember me” could be improved, honestly for 10+ years I always wonder how long does it remember?
This petition will be tracked on Github:
opened 06:18PM - 06 Jul 22 UTC
type: feature request
status: needs pr
status: needs tests
This was brought up as a [petition in the forums](https://forums.classicpress.ne… t/t/login-remember-me/2882):
> Below the login credentials there is this cryptic “remember me” that doesn’t mean anything at all.
>
> Remember me for what, for how long and what for?
> The correct syntax for such checkboxes is:
>
> Remember me for XX days on this computer
I will experiment with improvements to this checkbox as part of the overall improvements to the login page I started last year (#796).
viktor
July 9, 2022, 6:19pm
8
This topic was automatically closed after 3 days. New replies are no longer allowed.