Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.
First time visiting? Here are some places to start:- Looking for a certain topic? Check out the categories filter or use Search (upper right).
- Need support? Ask a question to our Community Support category.
- Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
- Be respectful, on topic and if you see a problem, Flag it.
If you would like to contact our Community Manager personally, feel free to send a private message or an email.
We need longer auth sessions
gregory_iii
Member Posts: 12 ✭
Every other website in the internet somehow manages to remember me for a while, but not onshape.
Auth sessions should be saved in browser cookies. They should have a reasonable expiration date (a month, for example).
Tagged:
0
Comments
I believe when we log on we are actually using a CPU at AWS. If it never kicked anyone off for a month, it would probably overload the whole system.
just save your login with browser. All I do is either click a saved link/bookmark or type cad in address bar hit enter then click on the sign in button because my info is saved.
There is a mechanism to prevent that. There is some kind of a sleep mode when websockets are disconnected after some time of inactivity. And that is totally reasonable. Just press a button to reconnect. No 5 redirects, no reloading, no password management tools.
Or I can simply ignore that or build a helper chrome plugin...
But thousands of people got distracted and annoyed by this stupid issue every day.
This bug triggers something deep inside me. It is about being customer oriented company, about priorities and impact. Developers shouldn't work on fancy features like GPT-integration, while there are basic design flaws with such a huge impact.
It's not just me. People have made multiple posts here and on Reddit about login/relogin issues.
There is a socket reconnect, when it says "press here to reconnect". However, that is still taking up resources on AWS that PTC has to pay for. When it times out and you have to refresh, that is when the document has been unloaded so that the resources can be reallocated to active users.
Personally, I'm not sure I'm getting exactly what the issue is. Your saying you want it to be like google or somthing? For example, when I bootup my computer and open chrome, I can click on my google drive and it just opens without me having to login first. That's what your hoping the onshape login experience could be like? You want the authentication token to have a longer expiration time. It seems like they should be able to do that without it hogging resources on AWS but I certainly have a tiny little microgram worth of insight into the underlying system. It would seem a valid oauth token that persists for a long time isn't forcing AWS to stay booted and connected to a user. Where I work, we use some custom applications that interact with onshape. Once the application initiates the authorization flow and it succeeds, a users authentication to the API lasts for many days. But, I really have never been bothered by having to click one button at the start of each day to open up my onshape home screen. I guess I sort of agree though that auth tokens seem like they should be able to remain valid for many days without burdening AWS.
Yes, I think that ideally, almost all web services should support long-lived authentication sessions (like Google). People use web services (often with free accounts) for personal needs, from personal computers. There’s no point in logging them out several times a day. Of course, there are obvious exceptions where short sessions make sense for security reasons (like Google, ha-ha).
Why do I think this is an issue?
I do 3D modeling from time to time, as a hobby. I often return to work on a document multiple times a day, in short sessions. And every single time, I have to log in again—even if I just want to glance at a document I already have open. Several times a day. For months. Performing completely useless actions from a UX perspective.
Sure, those four extra clicks and ten seconds aren’t a big deal. Fusiоn 360 used to crash several times a day, so OnShape was still a major improvement. But at some point, I got fed up with the disregard for basic UX design norms and common sense (I'm king of sensitive to this).
It wasn't the only issue, but I decided to start from something small and obvious.
Initially, I thought it was just “security theater.” But it turned out to be a deeper flaw in the cloud service architecture, something much harder to fix. Now I understand that PTC Technology probably loses more money on this than I lose nerve cells. And since there’s likely no easy fix, I’ve given up being annoying about it.