Stay Logged In
- About: Build a 'Remember Me' checkbox feature on a login page.
- License: This license requires that reusers give credit to the creator. It allows reusers to distribute, remix, adapt, and build upon the material in any medium or format, even for commercial purposes.
- Authors: Aaron Brethorst
- Categories: login, web, authentication, security, password
Story
As a registered user,
I want to stay logged in,
So that I can access the site without entering my credentials every time.
Acceptance Criteria:
- A “Stay Logged In” or “Remember Me” option should be prominently displayed on the login page, typically as a checkbox.
- When I check the “Stay Logged In” option and successfully log in, my session should persist across multiple browser sessions, even after closing and reopening the browser.
- When the “Stay Logged In” option is unchecked, the system should behave as if it’s a regular login, with sessions expiring after a period of inactivity or upon browser closure.
- There should be clear and concise explanatory text next to the “Stay Logged In” option to inform me about the purpose and implications of this feature, such as “Keep me logged in on this device.”
- My login session, whether I choose to stay logged in or not, should have a reasonable and secure timeout period, after which I am automatically logged out for security reasons. The system should clearly communicate the timeout policy to me.
- The option to stay logged in should be implemented securely to protect user data and privacy. It should use industry best practices, such as secure cookies or tokens, to ensure the user’s session remains secure.
- In the case of a forgotten password or the need to change my password, I should still be required to enter the current password even if I have selected the “Stay Logged In” option. This ensures that my account remains secure in case my device is lost or stolen.
- I should have the ability to manually log out from any page or screen within the application, regardless of whether I have chosen to stay logged in or not.
- If I select the “Stay Logged In” option and my login session expires (e.g., due to a password change or security settings), I should be prompted to re-enter my credentials before accessing my account again.
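
One way to meet the secure-cookie, timeout, logout and password-change criteria above, as an added example that is not part of the original project description. The cookie name `auth`, both lifetimes, and the in-memory `TOKENS` store (standing in for a database table) are assumptions.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

REMEMBER_TTL = 30 * 24 * 3600  # assumed lifetime when the box is checked
SESSION_TTL = 30 * 60          # assumed lifetime for a regular login
TOKENS = {}  # selector -> (user_id, sha256(validator), expires_at)

def _digest(validator):
    return hashlib.sha256(validator.encode()).hexdigest()

def issue_cookie(user_id, remember, now=None):
    """Create a token after a successful login; return the Set-Cookie value."""
    now = time.time() if now is None else now
    selector, validator = secrets.token_urlsafe(12), secrets.token_urlsafe(32)
    ttl = REMEMBER_TTL if remember else SESSION_TTL
    # Only a hash of the validator is stored, so a leaked table cannot be replayed.
    TOKENS[selector] = (user_id, _digest(validator), now + ttl)
    cookie = SimpleCookie()
    cookie["auth"] = f"{selector}.{validator}"
    cookie["auth"].update({"path": "/", "secure": True, "httponly": True, "samesite": "Lax"})
    if remember:
        cookie["auth"]["max-age"] = REMEMBER_TTL  # persists across browser restarts
    return cookie["auth"].OutputString()  # without Max-Age it ends with the browser session

def authenticate(cookie_value, now=None):
    """Return the user id for a valid, unexpired cookie value, else None."""
    now = time.time() if now is None else now
    selector, _, validator = cookie_value.partition(".")
    record = TOKENS.get(selector)
    if record is None:
        return None
    user_id, digest, expires_at = record
    if now >= expires_at:
        del TOKENS[selector]  # server-side timeout applies to both login modes
        return None
    # Constant-time comparison of the presented validator's hash.
    return user_id if hmac.compare_digest(_digest(validator), digest) else None

def logout(cookie_value):
    """Manual logout: drop this device's token."""
    TOKENS.pop(cookie_value.partition(".")[0], None)

def revoke_all(user_id):
    """Call on password change so every remembered device must log in again."""
    for selector in [s for s, rec in TOKENS.items() if rec[0] == user_id]:
        del TOKENS[selector]
```
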