Is this an expected behavior: Logged in on hitting refresh #152

Open
sitapriyamoorthi opened this issue Oct 21, 2024 · 6 comments
Labels
investigating Still assessing priority, ignore for now

@sitapriyamoorthi
Collaborator

Hi,
Been doing a lot of PROOFing... just wanted to make sure that this is an expected behavior:
When I refresh my PROOF page I am still logged in...
I am just thinking from a security perspective, that's all!
Please ignore if this is an expected behavior.

@sckott
Collaborator

sckott commented Oct 22, 2024

yes, that's expected behavior. we changed to this behavior maybe a few months ago to solve a number of problems

  • sometimes we'd have to reload the app to make sure it knows the server is up after starting it - and before you'd get logged out if you did that
  • you can close the tab with the app and reopen and not have to log back in

from a security perspective you can't get to the app unless you're on campus or on a vpn - but i guess you could leave your computer in a public place where someone could get it

any thoughts sita?

@sitapriyamoorthi
Collaborator Author

Totally makes sense why those changes were made. But it would perhaps be worthwhile to check with Jenny and Ty to see if this actually works from an Info-Sec perspective!

@sckott
Collaborator

sckott commented Oct 22, 2024

yeah I can ask them

@sckott
Collaborator

sckott commented Oct 22, 2024

ok, pinged them in slack

@tefirman added the "investigating" label (Still assessing priority, ignore for now) Oct 28, 2024

@sitapriyamoorthi
Collaborator Author

just adding a comment here that the log-in persists even now...

@sckott
Collaborator

sckott commented Nov 4, 2024

Jennifer and Ty got back to me about this - they asked InfoSec and they suggested 12 hrs. That seems too short, but maybe 24 hrs would be good - that's what the Cisco VPN does I'm pretty sure, which seems reasonable
