Need to login multiple times

[J2D2]

For the last couple of days, I have had to logon each time I visited the message boards. I haven't logged off or deleted cookies in between visits. I don't know if the issue is with my computer/network or with BenefitsLink. Has anyone else had similar issues?

[Dave Baker]

Eeek. I don't think anything has changed at the BenefitsLink end.

[Appleby]

If you are using your computer at work, it is possible they have changed their settings for security reasons. Some firms are enhancing security measures to protect employees information by automatically deleting the ‘remember me’ option. It helps to protect financial information and assets.

Rhetorical question that may help to provide you with an answer… Do you use any other service for which you store user information? and if so, do you have the same issue with those?

[Bill Presson]

I have this issue if I log in at work, then take my laptop home and log in from home.

If i just log in at work and then don't log in at home, it will keep the cookies till the next day.

Just my experience.

[GBurns]

For quite a few months it has been a crap shoot as to whether the system recognizes me or not. It does not matter if my last visit was 2 minutes ago.

[maverick]

I am in the same situation as Mr. Burns. Sometimes I return to the site after 10 minutes and have to log in, other times I come back after several days and the system recognizes me.

Maverick

[Dave Baker]

I am in the same situation as Mr. Burns. Sometimes I return to the site after 10 minutes and have to log in, other times I come back after several days and the system recognizes me.

Yikes.

It took me a little while to locate it, but I think I have found the troublemaker and fixed it: I changed a setting in the message board software.

If you're interested (fasten seat belt):

The setting was designed to make the log-in process super-secure rather than just secure. It has to do with whether the user is accessing the message boards from a "new" IP address, compared to the one used with the last log-in. I think some corporate and ISP networks use "dynamic" IP addresses; your IP address changes every so often, perhaps even in the middle of a session while you're at your computer. Bot attacks can come from "zombie" computers each of which has its own IP address.

The change I've made will ignore any changes in the IP address with respect to the use of a particular computer. As long as you're sitting at a particular machine, you shouldn't have to log in ever again, if you use the message boards at least every 7 days (the log-in cookie on a particular computer is supposed to be good for 7 days; it also restarts that 7-day period every time you read a message or click on some message board link).

If you log in from another computer (a laptop or a home computer, rather than the office computer, for example), you're dealing with a different "cookie" file on that other computer, so it's a completely different 7-day period (7 days from the last time you used that other computer to read a message or click on some message board link).

The way the board was set up it probably meant a new log-in was required every time you went from an office computer to a home computer or vice versa; I hope the new setting eliminates that hassle as well.

Dave