Skip to content
← For small businesses

Enter your idea

For small businesses: Settings & user roles

Categories

(thinking…)

Login - Don't Log Me Out/Extend Log Out Time (more than 60 minutes)

Develop the feature where Xero doesn't log user out time is extended for more than 60 minutes when it’s idle.

Purpose: Because having to log in again can disrupt users' workflow, which some users had to be interrupted as they’re also taking care of their business at the same time.

1,057 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

AdminXero Team (Admin, Xero) shared this idea  ·   ·  Report…  ·  Admin →
not planned  ·  AdminKelly Munro (Community Manager, Xero) responded  · 

Hi everyone, we appreciate the interest surrounding this idea, however we want to be open that we're unable to extend our log-out time past 60 minutes. Xero hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
Any session information running on a web browser can potentially be stolen. If the session does not time out. You then have an infinitely long vulnerability window to session hijacking. Our best option is to keep a tight expiration window on the session cookie, and regenerate them frequently. Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
If we detect there's been no activity on a page (e.g move movements, clicks, keyboard) for 10 minutes you'll receive an inactivity prompt ('Hey Kelly, are you still there?') and if your session reaches 60 minutes you'll be redirected to the login page. 

  • As a suggestion you can periodically refresh the screen <F5> to prevent the security timeout kicking in.

In more recent comments here it sounds like some of you are having issues with the login process or staying logged into Xero for less than 60 minutes. If you're experiencing unexpected behaviour, we'd highly recommend raising a case with our team of specialists at Xero Support where we have tools to investigate and confirm what's going on - Any details you can provide the team on the page you're trying to sign in from (e.g URL, error 500 received) or actions you were making when the login issue occurred will help. Thanks

Show previous admin responses (1)

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Wendy Jones commented  ·   ·  Report

    Allow user to determine log out period. I work between multiple programs on the same machine and despite being at my desk and active on my PC still have to log back into Xero multiple times per day. Inconvenient for me and not necessary as no one has access to my work area

  • Nicole Neale commented  ·   ·  Report

    I work on my own so there is no security issue. It is just frustrating and wastes my time. At least have an option so people can decide for themselves whether they want to use this feature.

  • Charlotte Broun commented  ·   ·  Report

    And if you have to get on with business and walk away from your desk..... any other person in the office can access confidential information.

  • Fiona Granger commented  ·   ·  Report

    more time as it is a pain logging in and out all day long

  • Michael GARRETT commented  ·   ·  Report

    Presumably the auto 'log-out' feature is for security? If so then that should over-ride convenien e, unless every employee is entitled to access OR accounting personel have separate offices? I'd want to log in again, it doesn't take a lot of effort to log in again

  • Peter Draper commented  ·   ·  Report

    I often get interrupted when using Xero so would be very helpful

1 2 14 16 18 19 20