Stop making me click "Log in" every day
matas_lauzadis197
Member Posts: 2 ✭
My feature request is in the title.
There have been a number of feature requests asking Onshape to preserve sign-in status rather than making users fill in their credentials and click "Log in" every day:
- https://forum.onshape.com/discussion/8916/every-time-i-visit-the-onshape-website-i-need-to-log-in-again-is-there-a-remember-me-option
- https://forum.onshape.com/discussion/7784/stay-signed-in
- https://www.reddit.com/r/Onshape/comments/1ge0s63/why_does_onshape_log_users_out_so_aggressively/
- https://forum.onshape.com/discussion/13653/login-and-refresh-repeats-are-excessive-can-you-double-the-time-to-stay-in-loged-and-refreshed
It's clearly a pain point. What is the business decision behind logging users out so often? This is User Retention 101: if you want users to stick around, why log them out? Can you point out any other core workflow tools which do sign-outs as aggressively as Onshape?
Assuming most of your users are on the Free Plan, their designs are open-source, the argument for aggressively signing people out "for security" is moot.
Please stop making me click "Log in". I love your product, but this is silly.
CC @john_rousseau who seems to be behind this decision.
Comments
You’re right, a high percentage of users are on the free plan, but for those who are not, security is important.
@NeilCooke could you go deeper into the motivation for this policy? I love that OnShape takes security seriously, I really do! But execution of this security policy seems out of alignment with other major institutions who also take security seriously. My work and home email providers— probably my most sensitive web logins— do not log users out every few hours. Nor does my password manager, which has all the keys to my life, including my properly entropic OnShape password.
Since OnShape already meets the gold standard by providing 2FA for those who decide they want heightened security, would it not be reasonable to make this auto-logout configurable? That way, those who see value in being aggressively signed-out can still have that as an option.
I agree that making the logout timeframe configurable is a better option than the current situation, which mostly just wastes time.
I know everyone has their own gripes with any product ever made, but IMO, this one is a strange one.
Compared to every other CAD software I ever used, getting to a point where you can actually "model" in OS is significantly quicker.
Also as mentioned in other threads by OS staff, OS has to rent compute time from AWS. If users are logged in forever, it wastes money.
Speaking as a free plan user, I don't mind the time spent re-logging in nearly as much as I appreciate the availability of the free plan. My paid license of Alibre Pro takes much longer to start up than Onshape takes to log in.
I don’t think folks are saying this is a major issue—just offering feedback about a small but recurring annoyance that they don’t feel empowered to address. It’s like spotting a typo on a webpage: minor, sure, but it impacts everyone who sees it, and the fix is perceived as easy. That importance makes it feel worth raising, even if it’s not urgent.
At the heart of it, perception is reality for users. So rather than downplaying their experience, it’s important to acknowledge it. They’re not wrong—logging back in does take some amount of time and mental energy. We might disagree on how big a deal it is, and it’s totally valid for the devs to WONTFIX things when there are more pressing priorities or when the fix could introduce worse issues.
For what it’s worth, I use OnShape across enterprise, education, and free accounts. I love the platform and relentlessly recommend it, but I still find the auto-logout a bit of a friction point.
Providing more modern authentication methods would be nice and provide high security with convenience.
This is a daily annoyance. How about making the login and stay longer as an option?
After logging in for the thousandth time here I had to google if anyone else finds this annoying, and yes they obviously do.
I can't think of any other site ever where I'm constantly reaching for my password manager to get the credentials and log in. Would be a great update to have these timeout windows configurable. I'd be happy with 48hrs at a minimum, 4 hours is annoying.
Otherwise having a great experience with Onshape, it's the one head scratcher.
Onshape is probably never going to say more than "security" as the reason, but my speculation is that session token based attacks are a common way other web platform security is broken (because it bypasses every other security measure). Happens to YouTube channels all the time. The difference with other platforms is that if a YouTube channel gets hacked to show AI crypto shills, that can be reversed and the damage is limited to a few hours of lost viewership. A platform like Onshape is storing incredibly valuable IP. If that gets out, you can't reel it back in; a successful attack has no undo. Companies with billions of dollars in IP trust Onshape so they can design things like quantum computers, fusion reactors, airplanes, etc. The annoyance mitigates a pretty big risk.
Interesting thing to think about - Ransomware used to be a concern for on-prem desktop CAD solutions (I've heard stories of it happening), but I guess you can't really ransomware Onshape.
Experts in Onshape Automation - Custom Features and Integrated Applications
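As an added example (not part of any post in this thread and not Onshape's code), here is one way a server could offer the configurable logout window requested above while bounding how long a copied session token stays usable. The policy values and the class and method names are assumptions chosen for illustration; 4 and 48 hours are the figures mentioned in the thread.

```python
import hashlib
import secrets
import time

# Assumed policy values for illustration; not Onshape's real settings.
POLICY_MAX_IDLE = 48 * 3600         # longest idle timeout an account may choose
DEFAULT_IDLE = 4 * 3600             # idle timeout when the user picks nothing
ABSOLUTE_LIFETIME = 7 * 24 * 3600   # hard cap, no matter how active the session


class SessionStore:
    """Server-side sessions with a per-user idle timeout clamped by policy."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # sha256(token) -> session record

    @staticmethod
    def _key(token):
        # Keep only a hash, so a leaked session table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user, requested_idle=DEFAULT_IDLE):
        # The user's preference is honoured only inside the policy bounds.
        idle = max(60, min(requested_idle, POLICY_MAX_IDLE))
        now = self._clock()
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {
            "user": user, "idle": idle, "created": now, "last_seen": now}
        return token

    def validate(self, token):
        """Return the user for a live session, else None (dropping the session)."""
        key = self._key(token)
        s = self._sessions.get(key)
        if s is None:
            return None
        now = self._clock()
        if now - s["last_seen"] > s["idle"] or now - s["created"] > ABSOLUTE_LIFETIME:
            del self._sessions[key]  # expired: a copied token is now useless
            return None
        s["last_seen"] = now  # sliding idle window
        return s["user"]

    def revoke_user(self, user):
        """Log the user out everywhere, e.g. after a suspected token theft."""
        stale = [k for k, s in self._sessions.items() if s["user"] == user]
        for k in stale:
            del self._sessions[k]
        return len(stale)
```

The idle timeout is the part a user could be allowed to tune; the absolute lifetime and `revoke_user` are what cap the exposure window when a token has been copied and keeps being used.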
I'd guess the security can stand after server load, because active Onshape document works via websockets which is costly to maintain. As for security - you can check local storage "authorized" key content when on cad.onshape.com 😏
Welcome to the cloud, it ain't a desktop computer with a local hard drive.
Yep, bi-directional communication (a socket) is necessary and while the client could auto login (authenticate & establish a socket), I don't want that. Once a day or every time I accidentally close my computer is hardly a penalty at this time.
A few years ago, people had no passwords on their Windows machines and having an older computer tap into a cloud app automatically, we're not ready.
It's going to get crazier as the cloud develops.