Currently, a secure zone login session is 24hrs, where the user will be logged out regardless of their site activity.
I assume this is a standard practice due to security of user data, etc. However, not all secure zone implementations require a high level of security or contain overly sensitive information, but require regular/recurring login by the users. So it would be good to be able to control this time period for a site (as an admin setting perhaps).
This could be incorporated with a ‘remember me’ option for login forms (which also seems to be standard practice) so that we had the option to allow users to remain logged in indefinitely if they choose to - else the session would be as per the admin setting time period.
BC secure zones seemed to remain logged in indefinitely by default, so users coming from that environment may expect that behaviour.
Implementations requiring logins are a barrier for users at the best of times, so having some control over the session time will help improve user experience where login is required and based on the level of security needed on a site by site basis.
Description for backlog item:
Provide a ‘Remember me’ option for login forms to allow users to remain logged in indefinitely and allow secure zone session time to be controlled via site settings in the admin.
