Re: Automatic logout 30-days after login
On Sat, Oct 27, 2018, Jim Higgins wrote:
My browser remembers also... and so does everyone else's, until the login cookie, which isn't refreshed upon each site visit, expires after 30 days.
You misunderstood.? I have my user/email and password saved by the browser.? When I arrive at the login screen, I only need to click the Log In button since the information is automatically inserted.? I was incorrect on the number of clicks though.? To access the site, I have a bookmark set to take me to the overview page, , so when I've been logged out, I need to click the Log In choice at the top, then the Log In button, so 2 clicks.? This is only on my home computer where no one else normally has access.? On my laptop that I carry when traveling, I have to manually enter the information.
Not only have I asked for a change, but I've also asked for the reason for only 30 days before expiration and why the cookie isn't simply renewed during each new visit... and unless I missed something I haven't received a response to either question other than that Mark decided otherwise "years ago." That's not a reason, that's a result. Does anyone know the real reason?
I just read all 61 of your posts on the beta group and you haven't asked for a change, nor a reason.? As all of us here are only users, we can only guess as to the reasons behind a decision Mark has made.? Only Mark knows the real reason.
Could that failure to see the discomfort be because, as is frequently stated, there's no official Gio presence on GMF
we wouldn't see those complaint threads several times weekly... week after week after week after week.
As has also been mentioned frequently on this group, the beta group is the only suggestion box for the site.? If you don't post there, it won't be considered.? You also have the option of contacting support, but may not get a reply quickly.? I think my personal record is getting a reply 7 months after my request. FWIW, here are the 'official' bits of information about the cookie(s) that I was able to find with a quick search: /static/cookie_policy which states "These cookies are strictly necessary to provide you with services available through our Site and to secure our Site:" Duane -- Help: /static/helpGMF's Wiki: /g/GroupManagersForum/wikiSearch button at the top of Messages list A few site FAQs: /static/pricing#frequently-asked-questions
|
Re: Automatic logout 30-days after login
All good points in both sides. (There, I've been politically correct.)
My group is a paid group of old codgers who won't go to a website if it is difficult to obtain entry. They complain about "not being able to use the website", but are appreciative of the emails of events.
As a paid group, I'd appreciate a way to have my membership get on the website easier.?
How about a poll on GMF to see it others feel the same way? This is not an official site, but we know Mark monitors it.
|
|
|
Re: Automatic logout 30-days after login
Received from Michael Pavan at 10/27/2018 09:00 PM UTC: That 30-day expiration is unnecessarily inconvenient. The "login link" is nothing but a temporary password - it expires.
One way to think of this expiration is that it is similar to a motion detector (or garage door opener) light - it only lasts for a pre-determined amount of time. Groups.io has chosen 30 days (or when you delete its cookie) whichever occurs first.
If you think it should be for a different amount of time, make the suggestion on the beta group email List.
I've done that to no avail. Others who don't get action press their point and seek support... so I'm simply doing the same. Not only have I asked for a change, but I've also asked for the reason for only 30 days before expiration and why the cookie isn't simply renewed during each new visit... and unless I missed something I haven't received a response to either question other than that Mark decided otherwise "years ago." That's not a reason, that's a result. Does anyone know the real reason? I'm reminded of the humorous story of how company policy is developed... Start with a cage containing five monkeys. In the cage, hang a banana on a string and put a set of stairs under it. Before long, a monkey will go to the stairs and start to climb towards the banana. As soon as he touches the stairs, spray all of the monkeys with cold water. After a while, another monkey makes an attempt with the same result, all the monkeys are sprayed with cold water. Pretty soon, when any monkey tries to climb the stairs, the other monkeys will try to prevent it. Now, disable the cold water. Remove one monkey from the cage and replace it with a new one. The new monkey sees the banana and wants to climb the stairs. To his horror, all of the other monkeys attack him. After another attempt and attack, he knows that if he tries to climb the stairs, he will be assaulted. Next, remove another of the original five monkeys and replace it with a new one. The newcomer goes to the stairs and is attacked. The previous newcomer takes part in the punishment with enthusiasm. Again, replace a third original monkey with a new one. The new one makes it to the stairs and is attacked as well. Two of the four monkeys that beat him have no idea why they were not permitted to climb the stairs, or why they are participating in the beating of the newest monkey. After replacing the fourth and fifth original monkeys, all the monkeys that have been sprayed with cold water have been replaced. Nevertheless, no monkey ever again approaches the stairs, why not? Because that's the way it's always been around here. WHY? Why not create a (permanent) Password, it takes less effort than getting a "login link" twice. I have a password and I know how to use it. And it does take less time to use it than it takes to get a login link. You're absolutely right about all of that. But now let me remind you of all the chatter here by group Owners saying their subscribers don't understand passwords... so while passwords work easily enough for you and me they don't work for many others because many others don't understand how to use them, can't remember their password because they didn't write it down, or simply never had one, because Gio doesn't require one to set up an account. I don't think it's logical to point to a solution that many have proven themselves incapable of using... or unwilling to learn to use... and reprove one or more of those scenarios several times weekly via problem reports in GMF. Why doesn't Gio just handle this login cookie thing as well as Yahoo did and eliminate the problem caused by 30-day cookie expirations? Simply refreshing the cookie on each visit would probably eliminate 90% of the problems caused by expired cookies. The remaining 10% (admittedly a wild guess) caused by over 30 days between visits might be cured with a 120 day or longer expiration time. Why not other than it was decided several years ago? It's clearly not working so well given the several complaint threads weekly here in GMF. Once you log in with a "login link", go the additional step to create a (permanent) Password.
I also recommend allowing your devise to remember it, along with writing it down. I created the ONLY account I have on Gio with a password from the beginning... and I ALWAYS write down my passwords and I don't use so many email addresses that I don't know which one is used on Gio. None of that's the point. The point is that Gio handles login credentials differently than literally (and I really mean "literally") every other place I have any sort of account that requires a login. All that use cookies to remember login info have cookies that are refreshed upon each site visit and if I don't visit, none expire anywhere near as soon as 30 days. As I said earlier... Yahoo didn't have this problem. It was maybe the only thing Yahoo did better than Gio does. Let my device remember my password? That's not a very good security practice unless the device is physically secured. Few are. I don't really want to go any further down the password path as it's not the real issue here. The issue is that a valid cookie created after proving identity via either password of via showing ownership of the email address that created the account is good on day one, but no good on day 31... with or without visits in the interim. Why? What's the rationale? If the status quo is worth defending, surely there's a reason for defending it? What is it other than that it was decided several years ago for reasons unknown? Jim H
|
Re: Automatic logout 30-days after login
Received from Chris Jones via Groups.Io at 10/27/2018 08:13 PM UTC: On Sat, Oct 27, 2018 at 08:31 PM, Jim Higgins wrote:
True enough, but when that "seldom" need arises the urgency/importance of that particular need is precisely the same as if it arose daily. That 30-day expiration is unnecessarily inconvenient. It results in frequent reports/complaints from members visiting a group and thinking they've been dropped as a subscriber. And unnecessary inconveniences don't become more palatable just because they happen seldomly.
For goodness' sake... My browser remembers my log - in details so it takes 2 clicks every 30 days. My life will not come to an end on that basis, and I see no evidence that the sky will fall on my head either. Of all the "inconveniences" in my life having to log in again from time to time simply doesn't feature.
I'm sorry but IMHO there are no grounds for complaining about this requirement. Although I accept that YMMV what exactly is so urgent or important about using the web UI that having to log in occasionally is simply too frustrating for words? How do you cope with the frustrations of waiting for a bus or train, or having to spend a few minutes refuelling your car, or whatever? Responding in kind... you must be blind or selfishly shortsighted not to notice more than a few complaint threads every week in GMF by users... or by owners on behalf of multiple users (and even themselves)... who visit the Gio site only to not be able to see the groups they're subscribed to. One of the reasons for that is expiration of the login cookie. If all who find themselves in that situation were savvy enough to know what the problem is in order to then know the cure is only two clicks away, we wouldn't see those complaint threads several times weekly... week after week after week after week. And I never said it was too frustrating for words. That's a straw man you designed and built from your own words just so you could easily knock it down. Jim H
|
Re: Automatic logout 30-days after login
Received from Duane at 10/27/2018 08:11 PM UTC: On Sat, Oct 27, 2018 at 02:31 PM, Jim Higgins wrote:
the logic behind the Gio approach of a 30-day expiration I think that more than anything, Mark is trying to save folks from themselves. I keep hearing that, but I can't figure out what - specifically - they are being saved from with a 30-day expiration vs refreshing the cookie on each visit? Can you give a real world example? There was some discussion on the beta group a year or two ago about renewing the cookie on each visit or extending the time. I don't see anything recent that would lead Mark to believe that there's any discomfort with things the way they are. Could that failure to see the discomfort be because, as is frequently stated, there's no official Gio presence on GMF... i.e., Mark doesn't read GMF... to see the recurring problem caused by people surfing their way to the Gio site only to find that they can't see any of their groups? What causes that? It's logging in with a different email address than the one used to join/create the groups OR EXPIRATION OF THE LOGIN COOKIE for the email address that was used. I don't have a problem with it as it is now because my main browser remembers my login credentials, so it's one extra click. My browser remembers also... and so does everyone else's, until the login cookie, which isn't refreshed upon each site visit, expires after 30 days... (or until they manually log out, or manually login using a different (and incorrect) email address... whichever comes first). You (and I) know what to do... thus you don't see a problem. But keep watching the complaints/questions in GMF and you'll see it's a recurring problem for those less savvy. And in my case, I visit the site only occasionally... when I need to see if a pending subscriber has confirmed an email address before I approve the subscription. If that visit requires me to log in with a password or request a link to log in it multiplies the time needed to perform that otherwise quick check. It won't kill me, but it's utterly pointless... especially in the eyes of someone fairly newly arrived from Yahoo where this is ONE thing - perhaps the ONLY thing - that Yahoo does better than Gio... and when it's causing problems for Gio subscribers and owners alike to the tune of several complaint threads weekly in GMF. Jim H
|
Re: Notifications to Members
On Sat, Oct 27, 2018 at 09:47 PM, Sharon Villines wrote:
Are members notified that they are on moderated status?
Yes and no.? If they go to the overview page, /, they'll see a blue square with a white M next to that group.? If they post online, they'll see a green box at the top after clicking Send that says " Your message will be sent when it's approved by the moderators."? But there is no email sent to inform them. Duane -- Help: /static/helpGMF's Wiki: /g/GroupManagersForum/wikiSearch button at the top of Messages list A few site FAQs: /static/pricing#frequently-asked-questions
|
Are members notified that they are on moderated status? I have an argument going on a list and I want to put the two people on moderated status but would like to know if they will be notified automatically ¡ª more grease on the fire. Sharon ---- Sharon Villines [email protected]"Neighbors Talking to Neighbors¡± Takoma Park DC and MD
|
|
|
|
|
How can I print a list of my members with their email addresses?
I clicked on download but it is all not clear with many codes in it.
Is there a way to export a csv list or something like that?
Thanks
Anita
|
Re: Automatic logout 30-days after login
That 30-day expiration is unnecessarily inconvenient. The ¡®login link¡¯ is nothing but a temporary password - it expires. One way to think of this expiration is that it is similar to a motion detector (or garage door opener) light - it only lasts for a pre-determined amount of time. Groups.io has chosen 30 days (or when you delete its cookie) whichever occurs first. If you think it should be for a different amount of time, make the suggestion on the beta group email List. Why not create a (permanent) Password, it takes less effort than getting a ¡®login link¡¯ twice. Once you log in with a ¡®login link¡¯, go the additional step to create a (permanent) Password. I also recommend allowing your devise to remember it, along with writing it down. Of course you can still always request a new ¡®login link¡¯ every time you forget it. I totally get that most of my users don¡¯t want to ¡®risk¡¯ going to the website - they don¡¯t understand it and are afraid of doing ¡®something wrong¡¯ and screwing it and/or their computer up. However as Group Owners we need to experience and understand the web side of Groups.io to at least be able to help our Subscribers (email only users) and Members (email and web users) with the basics and features our groups use. I purposely have restricted use of a number of features because they are unclear, confusing, or cause other features to change, appear and/or perform differently; namely: Subgroups, Polls, and Hashtags. I do use the Calendar and have enabled the Directory even though they need improvements. Databases and Wiki also seem to have functionally quirks. I¡¯m not a Chat fan as I¡¯ve experienced it elsewhere (Company and Utility websites) so we have not used Chats either. Groups.io is a young, still developing service which functions better than YahooGroups has for years, and we can use it free. I believe it can and will improve, Management (Mark) follows the beta groups discussions and is actively working on fixing, improving, and adding functions - announcing changes at least once a week and asking for feedback.
|
Cathy,
It's pretty clear that you created the group when you were logged into a different account than the one you are using now.? As you said, this was "months ago".
First, go to the Find or Create a Group page and search for your group.? Make sure you have the name right.? You might try sending an email to the <group>+owner address and see what email account the message shows up in.
If that doesn't work, best to email support and explain the situation and have them (Mark) help you out.
Toby
|
Re: Automatic logout 30-days after login
On Sat, Oct 27, 2018 at 08:31 PM, Jim Higgins wrote:
True enough, but when that "seldom" need arises the urgency/importance of that particular need is precisely the same as if it arose daily. That 30-day expiration is unnecessarily inconvenient. It results in frequent reports/complaints from members visiting a group and thinking they've been dropped as a subscriber. And unnecessary inconveniences don't become more palatable just because they happen seldomly.
For goodness' sake... My browser remembers my log - in details so it takes 2 clicks every 30 days. My life will not come to an end on that basis, and I see no evidence that the sky will fall on my head either. Of all the "inconveniences" in my life having to log in again from time to time simply doesn't feature. I'm sorry but IMHO there are no grounds for complaining about this requirement. Although I accept that YMMV what exactly is so urgent or important about using the web UI that having to log in occasionally is simply too frustrating for words? How do you cope with the frustrations of waiting for a bus or train, or having to spend a few minutes refuelling your car, or whatever? Chris
|
This is exactly the situation that caused me to make this suggestion in beta ->?
Email sent to the group+owner address should contain the account owner email address.? It appears Cathy created a group but with an email other than the one she is logging into now.? Her only recourse now is to email support and ask Mark to send a message to the email address that owns the group so she can determine what email to login with.? Hopefully, it's an email address she has access to.
Toby
|
Re: Automatic logout 30-days after login
On Sat, Oct 27, 2018 at 02:31 PM, Jim Higgins wrote:
the logic behind the Gio approach of a 30-day expiration
I think that more than anything, Mark is trying to save folks from themselves.? There was some discussion on the beta group a year or two ago about renewing the cookie on each visit or extending the time.? I don't see anything recent that would lead Mark to believe that there's any discomfort with things the way they are.? I don't have a problem with it as it is now because my main browser remembers my login credentials, so it's one extra click. Duane -- Help: /static/helpGMF's Wiki: /g/GroupManagersForum/wikiSearch button at the top of Messages list A few site FAQs: /static/pricing#frequently-asked-questions
|
Thanks! I logged out and logged back in with the same results.
cathy
|
|
|
Hi
I'm wondering is it possible to send details/link when a new photo album has been added. With Yahoo this was automatic but I can't find a box to tick to make this happen with . Otherwise the album gets lost within all the other albums which transferred. Although I have changed my personal settings to list albums by date created.
Thank you again so much,
Barbara?
|
Re: Automatic logout 30-days after login
Received from Shal Farley at 10/25/2018 11:38 PM UTC: Jim,
But if my new car kills the engine every 30 days until I contact the dealer for a link to restart it, that's another matter. ;-) If the login cookie is analogous to your key fob, then it is like needing to enter a PIN on the fob after 30 days, or email the manufacturer (your option), to have access to the special features of your high-end car (engine compartment, track mode, suspension adjustments, ludicrous acceleration, etc.). Or you can just continue driving around in "standard mode" - post and read by email - without needing to re-authorize the special features. And you'd be alright with that if that were the case with your car? If not, then it's a bad analogy. I don't accept that particular analogy. Losing my Gio login cookie isn't akin to being able to drive my car, but minus fancy features; it's akin to not being able to even open my car door until I refresh the fob. Any analogy I might make regarding posting and reading via email - my usual practice - doesn't require a car at all. I'm a group owner and I rarely visit Gio unless it's to perform management functions I can't perform via email. I visit the Gio site mainly because the pending member notification I get via email doesn't tell me whether the subscriber's email address is confirmed or not and I choose to not approve subs from unconfirmed email addresses. So if I'm not logged in when I visit Gio I can't see pending members email confirmation status... and thus can't do THE MAIN THING that I go to the Gio site to do... unless I log in manually or request a login link. My Gio cookie expired within the past day or two... with NO NOTICE to me that I could request a login link!!!! If this is how it works - no link reminder - no wonder the people complaining that they've been suddenly unsubscribed is such a common topic here! Say whatever you will, but this 30-day cookie thing is one (maybe the only one) aspect of groups that Yahoo did much better. Of course that analogy depends on how you (a member) normally use the group. If you use it primarily by email then you would seldom need to log in. True enough, but when that "seldom" need arises the urgency/importance of that particular need is precisely the same as if it arose daily. That 30-day expiration is unnecessarily inconvenient. It results in frequent reports/complaints from members visiting a group and thinking they've been dropped as a subscriber. And unnecessary inconveniences don't become more palatable just because they happen seldomly. Suppose the power to your home failed every 30 days and stayed off until you called the power company... and during that call they said it shouldn't be a big problem because it happens only seldomly. Admittedly a bad analogy... so we're even. ;-) If you use it primarily by web then you're already a frequent visitor to the site, and having to re-validate your login once a month doesn't seem (to me) out of line compared to other sites I've used where login is required. I don't even begin to share the experience you mention with other sites. I never had to relog in on Yahoo unless I accidentally zapped the Yahoo cookies or manually logged out vs just closing my browser. Likewise a number of sites I visit haven't required me to log in in several years. I don't see the logic behind the Gio approach of a 30-day expiration... nor do I find that cookies with an expiration as short as even 90 days are the norm even for sites that renew on every visit. In my experience most sites renew the login cookie for a specific period each time I visit the site, and it's for far longer than 30 (or 90) days. Many are a year; some are until Jan 2037, the highest date many Linux based systems currently recognize. 30 days would be a lot more convenient (and a lot more "normal" vs other sites) if the login cookie were renewed for 30 days each time I logged in. If that were the case, only folks who don't log in at all for 30 days would be prone to thinking they'd been dropped as subscribers. I bet that would cut the regular complaints by over 90%. Just saying. Jim H
|
Duane
Frances
Anita L
Michael Pavan
Toby Kraft