function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Scott.MScott.M 

Keep Portal Session Alive after Browser Close

Hi,

 

We have some users that want their customer portal session to stay alive after the browser closes. Doesn't anyone know if there's a way to accomplish this? Basically they want a remember me option on the login form.

 

Thanks for any help 

 

Scott 

sfdcfoxsfdcfox

Portal sessions are session cookies, so they will be logged out when the browser closes. You may want to look at alternative means, such as OAuth/Single Sign-On if you'd like to make longer-lasting sessions.

Scott.MScott.M

Thanks :) we know that's the right solution but it's also expensive, you wouldn't believe the number of customers that wonder why salesforce doesn't have a remember me option so they don't have to sign in every time, and also don't want to pay for Oauth / SSO 

sfdcfoxsfdcfox

Personally, I agree. The Google method of authentication (which makes sessions last indefinitely, with an option to expire all other sessions) would be awesome. However, security requirements being what it is, I don't think salesforce.com will do that anytime soon.

Scott.MScott.M

You wouldn't happen to have a good article I could reference about the security requirements that salesforce is adhearing to, to make it difficult for them to provide a solution would you? I think if I can make a reasonable security case for why you wouldn't want to allow this kind of behavoir to customers, they might be more likely to accept it 

 

Thanks!

Scott 

sfdcfoxsfdcfox

I think you can contact salesforce.com directly for this information. I've never found a direct article on their actual security standards to which they adhere, but they are certified to EU, TRUSTe, JIPDC, plus ISO 27001, SAS 70 Type II, and SysTrust. Given the number of security certifications they carry, it'd be hard to tell which one invoked this restrictive session control, or even if it is merely preemptive as a marketing strategy against their major competitors (we ARE more secure than you!).