Should You Keep Users Logged In?
It’s not uncommon to navigate to Facebook.com or Gmail.com and find yourself already logged in. On the other hand, there are plenty of web services that require users to log in on every visit. What is the standard and the reasons behind it?
most all UX questions, it really depends on the nature of your web application. I recently took to Twitter to see what a few respectable UX designers thought off the bat. I was looking for gut feelings, posing the question without mentioning what the web application would be doing. Here is the question:
— Avi Zuber (@avizuber) May 21, 2014
And here are the responses (note: I put them on the spot and gave them zero context. You can read the full thread here.):
— Ciara Bryans (@himynameisciara) May 21, 2014
— Dana Cohen Baron (@DanaCoBar) May 21, 2014
— Jennifer Aldrich (@jma245) May 21, 2014
And here is a bonus response for a guy who understands the web fairly well (he chimed in because that’s what Twitter is for):
— Roy Povarchik (@Roypovar) May 21, 2014
The general consensus seems to be that if security is an issue, you might not want to have users stay logged in to your app. One thing that would need to be addressed is when a user accidentally closes the window:
- Do you log them out then? Wouldn’t it be a pain for them to have to log back in?
- On the other hand, what if they purposely close out the app quickly? Wouldn’t it be a harmful to keep them logged in against their will?
Ciara’s solution of using the ever-so-popular “Remember me” checkbox on the login screen should in theory solve that. I still question how often that is actually used and if it’s a configuration people are used to ignoring.
Here is an interesting thread on UX.StackExchange that discusses some of this issue.
You should of course follow all of the fine folk mentioned above on Twitter.
What do you think is the best option?