Login - Don't Log Me Out/Extend Log Out Time (more than 60 minutes)
Develop the feature where Xero doesn't log user out time is extended for more than 60 minutes when it’s idle.
Purpose: Because having to log in again can disrupt users' workflow, which some users had to be interrupted as they’re also taking care of their business at the same time.
AdminXero Team
(Admin, Xero)
shared this idea
Hi everyone, we appreciate the interest surrounding this idea, however we want to be open that we're unable to extend our log-out time past 60 minutes. Xero hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
Any session information running on a web browser can potentially be stolen. If the session does not time out. You then have an infinitely long vulnerability window to session hijacking. Our best option is to keep a tight expiration window on the session cookie, and regenerate them frequently. Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
If we detect there's been no activity on a page (e.g move movements, clicks, keyboard) for 10 minutes you'll receive an inactivity prompt ('Hey Kelly, are you still there?') and if your session reaches 60 minutes you'll be redirected to the login page.
- As a suggestion you can periodically refresh the screen <F5> to prevent the security timeout kicking in.
In more recent comments here it sounds like some of you are having issues with the login process or staying logged into Xero for less than 60 minutes. If you're experiencing unexpected behaviour, we'd highly recommend raising a case with our team of specialists at Xero Support where we have tools to investigate and confirm what's going on - Any details you can provide the team on the page you're trying to sign in from (e.g URL, error 500 received) or actions you were making when the login issue occurred will help. Thanks
-
Michael Hames
commented
For Gods sake - make the timeout user settable! This is POOR - even free systems give you better control
-
Jason Hogan
commented
Come on Xero, you can do better than this. I have 3 files, 3 businesses. Logging in all time wastes our time!
-
Kevin Houde
commented
Please make this adjustment! Thx :)
-
Accounts Department
commented
If Xero can let us adjust the timeout settings, it'd be great. I work from home, I want to stay logged in all the time. My workmate wants to stay logged in all the time too, though he works in the office. We are too busy to log in several times a day.
-
Ell Pamment
commented
Two hours or so would be good...
-
Ell Pamment
commented
I'm constantly having to log back in afer what I perceive to be a very short 'idle' time. The only other person who might look at my screen is the finance director, so really not an issue staying loggged in.
-
Luke Whitehill
commented
Wendy Jones - ref the MFA, you can select "trust this device" when logging into Xero which will not ask you for MFA for another 30 days which may make the process easier for you.
-
Wendy Jones
commented
Very irritating especially with multifactor authentication! Give us an option to choose the inactivity time before getting automatically logged out
-
Grant Lues
commented
Seriously annoying element of Xero - every time I work in something else it logs me out like after 20-30 minutes. Working from home so no risk leaving it open. Come on Xero this is just a complete pain and waste of time
-
Colin Durrant
commented
This is really annoying. Just because people are not voting for this does not mean it is not annoying them. Most users would not know where to search or influence getting this changed.
-
Linda Cunningham
commented
Although I work primarily from a workflow app (not Xero) I'm forever having to log back into Xero throughout the day which is time-consuming.
-
Oliver Ventur
commented
The automatic log out is currently having a severe impact, and disruption on being able to complete work. I currently work with many tabs open at a time and each time I get logged out only after a short period, it takes me nearly 30mins to reload all the tabs and get to the positions they were at prior to being logged out. Before any significant work can be completed, the system logs me out again, and I have to do this process all over again. This occurs many times a day, meaning that most of the day is being spent logging back in and reloading tabs, rather than completing any work. It is a complete nightmare! There needs a way to be able to adjust this urgently!
-
Anne Baillie
commented
I understand it is a security issue - then please provide an app for Mac desk top etc.
-
Erfan Imani
commented
Especially with the projects and time tracking functionality, this would be good to have — I find I'm using Xero a lot more for operational work, and having to log in every time after a brief period of inactivity wastes a lot of time.
-
Susan Voutier
commented
I'd absolutely love to see this happen. Has it been developed yet? I find it pretty frustrating to be logged out against my will all the time.
Being logged out after a certain amount of time should be an option, not the default. -
Iterate Australia
commented
Idea was shared in 2013 and there still is no fix in 2022
Quite surprisingWhen you trust a device, you trust the device
At least give users the option to tweak setting to their own likingIt is very annoying to log in 10 times a day
-
Janice Thomas
commented
It would be great to be able to stay logged into Xero and not have to sign in several times a day