Skip to content
← Share and support customer ideas for Xero

Settings and activity

1 result found

  1. Login - Don't Log Me Out/Extend Log Out Time (more than 60 minutes)

    1,061 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    403 comments  ·  For small businesses » Settings & user roles  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Not in pipeline  ·  AdminKelly Munro (Community Manager, Xero) responded

    Hi everyone, we appreciate the interest surrounding this idea, however we want to be open that we're unable to extend our log-out time past 60 minutes. Xero hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
    Any session information running on a web browser can potentially be stolen. If the session does not time out. You then have an infinitely long vulnerability window to session hijacking. Our best option is to keep a tight expiration window on the session cookie, and regenerate them frequently. Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
    If we detect there's been no activity on a page (e.g…

    An error occurred while saving the comment
    Cheryl Watson commented  · 

    Rubbish - its completely unnecessary - no other software for accounting has this !!

    An error occurred while saving the comment
    Cheryl Watson commented  · 

    1

    Cheryl Watson supported this idea  · 
    An error occurred while saving the comment
    Cheryl Watson commented  · 

    Need to stop this auto log out after 60 minutes - you keep saying it's for security but if that is the case we can log out ourselves - no other software has this - Its nothing more than a waste of time - we do not sit at our desks every minute of every day and with the app you have to get codes for as well its nothing short of ridicules. If it continues, we will have to change software as all our staff are complaining.

    An error occurred while saving the comment
    Cheryl Watson commented  · 

    Need to stop this auto log out after 60 minutes - you keep saying it's for security but if that is the case we can log out ourselves - no other software has this - Its nothing more than a waste of time - we do not sit at our desks every minute of every day and with the app you have to get codes for as well its nothing short of ridicules. If it continues, we will have to change software as all our staff are complaining.