FEU trusted Devices
Posted: Sun Jan 10, 2021 8:46 am
Hi I have a website where the front end has numerous members only pages, simply achieved using the excellent FEU module and the pages set to have a content type of protected content, with login and logout screens etc all works perfectly.
The website provides the members with a very specific function (voting on resolutions) - one which means that they only need to use the website a couple of times per year (which is perfectly fine) - and the userbase spans the full range from technophobes; average-joe and (non developer) tech-power-users. (please forgive my type casting but it important context).
So while some users may be using some form of credential-manager built in to their browsers or antivirus; others probably aren't
I heard some interesting feedback recently - basically criticism that because it is used 1/year (and they are failing to use their browsers built in credential/password manager) they are unsure what username to use (email doh !!) and they've forgotten their password.
The specific criticism was it is not as easy to use as Facebook / Instagram.
I have made one small step to spoon feed their ease of use - all newletters / email with embedded links now include the username as a URL param and the loginform grabs that from $smarty.request
An option considerd and rejected was the single-signin option described on CMSCanBeSimple where the password is hidden in the login form and pre-set to a shared default password - rejected because (given members know each others email addresses then they could hack each others votes).
thinking about Facebook / Instagram - whilst they are secured via an ID + password + optionally TFA/Bio etc; they make themselves easy and instant to access via the "recognised device" idea - now Facebook needs quite sophisticated multi device multi browser recognition.
My question is can anyone suggest a way of achieving a far simpler (and good enough) solution for what I'd like to do - when they login they can tick a box to say "trust this device"; if ticked I store that decision in a cookie (so far easy - know how to do all this) - the tricky thing I suspect may be impossible is getting FEU to allow / recognise an infinitely long session ?
Am I overlooking something or is this impossible (and yes I know if they'd simply use there browsers password manager then issue solved but users will be users LOL)
thanks in advance
The website provides the members with a very specific function (voting on resolutions) - one which means that they only need to use the website a couple of times per year (which is perfectly fine) - and the userbase spans the full range from technophobes; average-joe and (non developer) tech-power-users. (please forgive my type casting but it important context).
So while some users may be using some form of credential-manager built in to their browsers or antivirus; others probably aren't
I heard some interesting feedback recently - basically criticism that because it is used 1/year (and they are failing to use their browsers built in credential/password manager) they are unsure what username to use (email doh !!) and they've forgotten their password.
The specific criticism was it is not as easy to use as Facebook / Instagram.
I have made one small step to spoon feed their ease of use - all newletters / email with embedded links now include the username as a URL param and the loginform grabs that from $smarty.request
An option considerd and rejected was the single-signin option described on CMSCanBeSimple where the password is hidden in the login form and pre-set to a shared default password - rejected because (given members know each others email addresses then they could hack each others votes).
thinking about Facebook / Instagram - whilst they are secured via an ID + password + optionally TFA/Bio etc; they make themselves easy and instant to access via the "recognised device" idea - now Facebook needs quite sophisticated multi device multi browser recognition.
My question is can anyone suggest a way of achieving a far simpler (and good enough) solution for what I'd like to do - when they login they can tick a box to say "trust this device"; if ticked I store that decision in a cookie (so far easy - know how to do all this) - the tricky thing I suspect may be impossible is getting FEU to allow / recognise an infinitely long session ?
Am I overlooking something or is this impossible (and yes I know if they'd simply use there browsers password manager then issue solved but users will be users LOL)
thanks in advance