Settings and activity
2 results found
-
1,057 votes
Hi everyone, we appreciate the interest surrounding this idea, however we want to be open that we're unable to extend our log-out time past 60 minutes. Xero hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
Any session information running on a web browser can potentially be stolen. If the session does not time out. You then have an infinitely long vulnerability window to session hijacking. Our best option is to keep a tight expiration window on the session cookie, and regenerate them frequently. Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
If we detect there's been no activity on a page (e.g…An error occurred while saving the comment Hernan Puente supported this idea ·
-
88 votes
An error occurred while saving the comment Hernan Puente commented
This is so critical for people with more than one company in Xero, and also easy to implement. I come from Wave, where this is a standard feature, and I can't believe it doesn't work the same way in Xero considering it is a much more powerful platform.
Is it worth commenting considering this is a 10-year unattended request? Paying $70/month and having to log in 10 times a day seems unfair.