Remember the login / keep me logged in

I use roll20 across 2-3 machines, each with 2 operating systems and 2 browsers each... (firefox for daily operations, and chrome for actual playing, cause of the incompatibilities with firefox) - I am sick of having to enter my password over and over, because if I start a user session on another one, the others drop it. I have a 16 character, small, big, numbers, special chars, randomly generated password, it's a total PITA having to enter/copy it over and over :-(. I know that keeping multiple sessionid cookies is a security risk for the user, but it's a very small one, and the inconvenience of having to log in over and over totally outweighs it. Please allow to have more sessions open at once, and not expiring for a week or more. Or maybe make a dedicated "client" application using nodewebkit, so I could just use only 1 browser (or fix the problems with low performance and audio/video on firefox).

Hi, Cyber Killer . This sounds like an issue that stems from your browser settings (or your computer's behaviour) periodically deleting your cookies. I've never experienced this issue (and looking at my cookies now, almost all have expiration dates months from now). I might suggest double-checking your browser's privacy/history settings to ensure that your browser is not clearing cookies periodically (or, if it is, to whitelist Roll20's domains).

Hi OK, I'll check, but I usually keep these sort of settings at their default. An example: I was using roll20, to run a game yesterday at noon (logged into firefox and chrome at the same time), and today in the morning I had to re-login (in firefox, chrome kept the cookie). Hmm... I just remembered - I do set 'do not track' always in my browsers, perhaps this is connected.

Cyber Killer said: Hmm... I just remembered - I do set 'do not track' always in my browsers, perhaps this is connected. This does sound suspect. I would try to whitelist Roll20, if possible, and see if that solves the issue.

For me, on any browser, Roll20 seems to have a twenty-four-hour activity timeout period, after which my remembered login expires. After twenty-four hours, going back to Roll20 results in me needing to log in again. (The period might be more than twenty-four hours, but it's definitely less than forty-eight hours.) This is not a problem for me, since I use LastPass and it handled the automatic login for me anyway. But I can confirm what Cyber Killer has reported.

There isn't anything we've done to limit your session between multiple browsers, so that's not it. Also, when I look at the cookies, the session variable isn't set to expire for about 2 weeks and I know when I came back after the weekend my session was still alive this morning. I know Chrome has a setting to automatically delete cookies when you close the browser, could this be it?

OK, but how do you handle 'do not track' headers? Cause this is the only thing that rings any bells here. I can't set to disable this only on a single site, so testing is not so easy without allowing the rest of the world to spy on me.

Phil B. said: I know Chrome has a setting to automatically delete cookies when you close the browser, could this be it? Not for me: I never delete cookies and do not use that setting. I also don't use do-not-track.

Cyber Killer: We don't do any off-site tracking, so there shouldn't be any issues with 'do not track'. We don't care what you're doing when you're not on Roll20, we would just like for you to be able to log in easily. :P David T: I'm not really sure what's going on then. If you really want to do some digging, you can look at all of the cookies we set and see what's happening. There is a extension for Chrome called Cookie Inspector, if you install it it adds a Cookies tab to the Developer Tools that shows all of the current cookies for the site your on. This should show the "rack.session" cookie which holds all of your sessions/user data that should make it so that you don't have to log in. Mine isn't set to expire until Sept 7.

I can believe you have no business in tracking all of us around the net, however, that can't be said about the rest of the internet companies. Anyway, I checked my cookies and they're also have expiration dates like 7 or 23rd of September. I'll try to get some kind of reproducible scenario for the lack of session holding, so please don't close this topic for the next week or so, ok?

No, it's not cookies; my earliest-expiring cookie is rack.session, which expires September 7. Like I said, it's not a huge deal to me, since LastPass logs me in automatically when this happens. I was just confirming what Cyber Killer reported.

I frequently have to login in again. I suspect it's because I use several devices and use whichever one is at hand.

My friend and I were just wondering why it keeps logging us out, and we thought it was an inactivity thing. It saves my password no problem, but I cannot figure out why sometimes I'll come back and I'll still be logged in, and other times I won't be.

I had the rack.session cookie still valid for the nex week (until 7sept), but today a new one was created, when I wanted to access the site (and I had to login again). Still no idea how/why it happens :-/.