Login - Don't Log Me Out/Extend Log Out Time (more than 60 minutes)
Develop the feature where Xero doesn't log user out time is extended for more than 60 minutes when it’s idle.
Purpose: Because having to log in again can disrupt users' workflow, which some users had to be interrupted as they’re also taking care of their business at the same time.
![](https://secure.gravatar.com/avatar/3e8620417a8479ef69d5350df419cb19?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)
Hi everyone, we appreciate the interest surrounding this idea, however we want to be open that we're unable to extend our log-out time past 60 minutes. Xero hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
Any session information running on a web browser can potentially be stolen. If the session does not time out. You then have an infinitely long vulnerability window to session hijacking. Our best option is to keep a tight expiration window on the session cookie, and regenerate them frequently. Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
If we detect there's been no activity on a page (e.g move movements, clicks, keyboard) for 10 minutes you'll receive an inactivity prompt ('Hey Kelly, are you still there?') and if your session reaches 60 minutes you'll be redirected to the login page.
- As a suggestion you can periodically refresh the screen <F5> to prevent the security timeout kicking in.
In more recent comments here it sounds like some of you are having issues with the login process or staying logged into Xero for less than 60 minutes. If you're experiencing unexpected behaviour, we'd highly recommend raising a case with our team of specialists at Xero Support where we have tools to investigate and confirm what's going on - Any details you can provide the team on the page you're trying to sign in from (e.g URL, error 500 received) or actions you were making when the login issue occurred will help. Thanks
-
Suzanne Varghese commented
Having to continually log back is inefficient, inconvenient and therefore costly and frustrating. Is there a solution to this problem yet?
-
Suzanne Varghese commented
How annoying is this
-
Administrator ToTal Risk commented
This is probably the only frustration I have with Xero and I am reminded of it multiple times each day. As for 'periodically refreshing the screen' as a workaround - Kafkaesque
-
Matthew Dipple commented
It would be great to be able to disable the timeout function on a trusted computer as well--I work on a computer in a secure location all day, and track time using the Xero timer. It is a pain to need to log in 10+ times per day just to track time! Please add my enthusiastic vote for this item.
-
Wendy Jones commented
This discussion has been open for some time - will there be a resolution soon? I work all day in between different programs and find it so frustrating having to login when returning to Xero. It is disruptive, frustrating and surprisingly time consuming especially with the 2 factor authentication. Please allow the user to set the timing out limits using Administrator rights
-
Matt Eady commented
2022 and you still haven't implemented this option. SOO frustrating.
**THIS MAY BE A WORKAROUND FOR CHROME USERS**
Auto Refresh Extension for Chrome:
https://chrome.google.com/webstore/detail/easy-auto-refresh/aabcgdmkeabbnleenpncegpcngjpnjkc/related?hl=en -
Richard Hatherly commented
Or you could you have an option per account for the customer that let's us choose if we get logged out or not.
It's very annoying, coming from a desktop app to be entering data, get a phone call, come back to xero and you are logged out.
VERY ANNOYING!
-
Sue Campbell commented
Pleeeeeeeease :(
-
Mark Laforest commented
Such an easy change to do ... c'mon Xero. It can be a parameter per user that the Administrator sets so if you want it open for 8 hours then the Admin user determines the merit of it and sets it per user.
To say Xero makes that determination for all companies because of the sensitive information is a way round of not doing the enhancement. -
Michael Shanahan commented
This "feature" drives me crazy.i have to log-in again and again every day. It's starting to become a reason to change platforms.
-
Carla Risdon commented
It is very disappointing that we have all found our way here for the same frustrating reason and nothing has changed.
Edit: I have received a reply from Xero Support:
Unfortunately, we're unable to extend our log-out time past 60 minutes, as we do hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
Any session information running on a web browser can potentially be stolen. If the session does not time out then you have an infinitely long vulnerability window to session hijacking. The best option is to keep a tight expiration window on the session cookie, and regenerate them frequently.
Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
However it is a priority for us to continually improve the way we handle sessions and session timeouts. We are working on better strategies and looking at changing our authentication model to better cope with session timeouts, browser connection failures and application upgrades.
A suggestion in the meantime would be to regularly save your data and periodically refresh the screen <F5> to prevent the security timeout kicking in.
We would also suggest you tick 'trust this device' if you haven't already.
Kind regards
Zaheer
-
Dave Flower commented
Is there any update on this feature being created? Like many here, I am using Xero all hours of the day, so coming back to find I have to login again is a pain big time.
-
Gergana Aneva commented
I can't believe only 23 people (myself included) have voted for this since 2013. This is one of THE MOST ANNOYING things that I need to deal with every day at work.
I'm sure it's not that difficult to fix it. -
Simon Leaity commented
Xero please make this user adjustable. it is highly frustrating being logged out constantly
-
Michael Hames commented
For Gods sake - make the timeout user settable! This is POOR - even free systems give you better control
-
Jason Hogan commented
Come on Xero, you can do better than this. I have 3 files, 3 businesses. Logging in all time wastes our time!
-
Kevin Houde commented
Please make this adjustment! Thx :)
-
Accounts Department commented
If Xero can let us adjust the timeout settings, it'd be great. I work from home, I want to stay logged in all the time. My workmate wants to stay logged in all the time too, though he works in the office. We are too busy to log in several times a day.
-
Ell Pamment commented
Two hours or so would be good...
-
Ell Pamment commented
I'm constantly having to log back in afer what I perceive to be a very short 'idle' time. The only other person who might look at my screen is the finance director, so really not an issue staying loggged in.