Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.
First time visiting? Here are some places to start:- Looking for a certain topic? Check out the categories filter or use Search (upper right).
- Need support? Ask a question to our Community Support category.
- Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
- Be respectful, on topic and if you see a problem, Flag it.
If you would like to contact our Community Manager personally, feel free to send a private message or an email.
Every time I visit the onshape website I need to log in again. Is there a "remember me" option?
dimitris_mertzis
Member Posts: 3 PRO
The first onshape browser tab I connect in Chrome requests login info every time. Can onshape "remember me" when I connect from the same device (laptop)?
Tagged:
2
Answers
Are you running any ad blockers or privacy plugins? Are you signing out of Onshape before you close the tab?
If you can't find a plugin that's causing this, please open a support request from in Onshape via the "?" menu.
I disagree that frequent automatic logoffs are an important security feature. Does gmail log you off every morning? Please let users make this decision themselves.
The other thing you have to keep in mind is that keeping an active logged in window implies a certain level of back end server load (geometry and modeling), ready to process and communicate with your browser. Those servers cost a lot. If you want to have them active and waiting for you while you go for coffee or sleep, you would need to pay more for that server load somehow.
On a separate note regarding comment #5:
Learn more about the Gospel of Christ ( Here )
CADSharp - We make custom features and integrated Onshape apps! Learn How to FeatureScript Here 🔴
1Password works well for me with Onshape. Both the browser extension and the desktop version (Windows).
For an enterprise security standpoint - it's important to adopt best practices (per @S1mon) and leverage password managers / 2-step verification whereever possible. If the password manager is setup and working well, it's very low-friction, and best-available security (and fits well with your generally-secured life. You should be using the same strategy for your Gmail and Bank logins too!).
I can see how it's a nuisance for those with a computer that is physically secured, but for folks that travel or work on various machines, this security layer makes Onshape usable.
The security argument does not pass muster, esp. because I have a free account and so all my models are public anyway. There are far more people who want to break into a random user's gmail or outlook accounts than OnShape, and those have sane policies which allow me to stay logged in. My password manager, which is far more sensitive, allows me to stay logged in. And then I use that password manager to log into OnShape. If it's safer to aggressively log me out, then it's trivial at best.
If there are CPU reasons, then by all means, log me out. I'm not paying for OnShape, so if I can stretch their dollars that little bit more then I'm happy to periodically click Login.
After that your browser should remember your username and password and auto fill them. So you just need to click the login button. That's the way it has always worked for me.
If you don't get the prompt from your browser, that means you probably hit the option to 'never remember for this site' the first time you logged in.
So you will probably have to dig through your browser security settings and saved passwords and add it there.
I too am annoyed by the logouts, and the questionable claim that logging people out is a security feature. My PC is locked inside my house, what extra security does logging out add for me?
In fact, I can't think of a scenario where security is actually improved by automatic logout. Let's say someone actually takes my computer, and has logged in to Windows somehow. If they're after my OnShape data, firstly, I have my passwords saved so they can still log right back in without knowing the password. And even if I didn't have passwords saved, they could reset my OnShape password because they've got my computer and thus access to my emails.
Any security conscious person isn't leaving their computer unlocked anyway, so it just seems like a weird decision to make, like no one at OnShape has really thought about security carefully.
Maybe there is some very rare, convoluted scenario you could come up with, a one-in-a-billion occurrence, where automatic logout protects your data, but there's absolutely no reason to make it mandatory for everyone else.
@davidg707 if you want to have passwords saved to compromise security then that's your choice, but corporations don't want to give their employees that freedom. It's not costing you anything so suck it up.
@Paulo saving passwords and keeping OnShape signed in wouldn't "compromise security" on my system, and that's my point. If you build a one-size-fits-all solution for security, then you have to make it as strict as possible, which is what they've done. What I'm suggesting is that this results in bad UX for people who don't need or want that level of security. I'm sure there's a way to both make this an option for individuals, and at an organisation level.
If this isn't a concern for you, then your input on the matter is not required.
It's not just physical access auto log out secures. It's also a standard method of preventing cross site attacks.
https://owasp.org/www-community/attacks/Session_hijacking_attack
https://truedigitalsecurity.com/blog/why-your-app-needs-a-short-session-timeout-and-google-facebook-and-twitter-dont