Why do I have to sign in even though I have already signed in?
Using FamilySearch from my home computer I click on "Keep me signed in for 2 weeks". But an hour later if I try to access the site I am asked to sign in again. Even if I have a FamilySearch page open in one tab of my browser if I attempt to access a FamilySearch URL in another tab I am presented with the sign in screen. The timeout on my session is therefore much less than 2 weeks. FamilySearch is aware of my sign in, even if it fails to acknowledge it, because if I enter the URL of an image on the site, I am presented with the image without requiring a sign in, and the top of the page shows my account information. So why am I forced to sign in again within the two week period to access some pages on the site, but not others?
A related issue has arisen in the past couple of months as FamilySearch has added capabilities to the website.
I have been doing family history for over thirty years, since before FamilySearch was created and I had to transcribe information from microfilm at a library or family history centre. With in a year of the announcement of the invention of the Web at CERN I had already created my own web-site which permitted me to access my research notes from any device with access to the Internet, so I no longer had to carry all of my notebooks with me if there was a computer at the location with internet access or later with WiFi. I record additional information about transcriptions of individual source documents beyond what is recorded by FamilySearch. In particular observe how in the following screenshot I have associated links to individuals in my FamilyTree from my transcription of a marriage registration. If you look at the bottom of the left window you will see the associated image URL on FamilySearch. But despite the fact that I am already signed in to FamilySearch when my application attempts to open the image URL so it can be consulted in parallel with my transcription, I am asked to sign in AGAIN.
If I proceed with the sign in from this sub-window I eventually get to the page containing the image, but that page replaces the entire page, not just the <iframe>, so I cannot consult the image in parallel with the transcription.
The URL displayed here is https://www.jamescobban.net/Ontario/MarriageRegDetail.php?Domain=CAON&RegYear=1876&RegNum=6182&lang=en
I can access the image in a different tab by copying and pasting the image URL https://www.familysearch.org/ark:/61903/3:1:9Q97-Y39G-3J7, and when I do FamilySearch recognizes that I am already signed in and just displays the image without demanding that I sign in again. But I can no longer open the URL within an <iframe> which means my ability to compare the transcription to the original image is lost.
The intention of this change is perhaps understandable, FS wants to track who is accessing its resources and so demands a sign in. Why demand a sign in if I am already signed in so you can trace my use? Ancestry made a similar change a few years ago. For example https://www.jamescobban.net/Ontario/MarriageRegDetail.php?Domain=CAON&RegYear=1873&RegNum=10032&lang=en is an example of a document transcription on my site that references an image on Ancestry. Ancestry blocked displaying all URLs within an <iframe>, so I had to add functionality that if the image URL is on Ancestry I must open it in a separate tab, negating the intention of verifying the transcription in parallel. Even though I have been a paying customer of Ancestry for over two decades Ancestry refuses to rethink this inconsiderate behavior. I am just trying to promote your services by including links to your site from within my site. Because of Ancestry's lack of cooperation I have had to replace almost all of my links to Ancestry documents. The one above is left simply to test that part of the functionality of my site.
You can see my functionality working for a document whose original image I created myself by scanning the microfilm at https://www.jamescobban.net/Canada/BirthRegDetail.php?RegDomain=CAON&RegYear=1915&RegNum=37234&lang=en
Access to the information on my site is free for non-commercial use and in addition to English, French, German, and Spanish the information is available in machine-readable JSON and XML to registered accounts.
Best Answers
-
Then what is the point of the "keep me signed in for two weeks" verbiage?
what is it?? two weeks or two days or two hours?
why isnt the verbiage consistent and correct?
Im all for security . . . but not for confusion . . .
0 -
Dennis, that is a good, valid question. In my personal opinion, that link is not helpful. I delete my temporary files more often than just every two weeks because I work several hours at FamilySearch everyday, but I also don't leave pages of any website open and idle for long periods of time.
I understand that many users feel using that link is helpful. Because we have a knowledge article that simply reminds us not to have long periods of inactivity, if we wish that feature to work properly, I just chose not to use it.
A recent Google search using "Why do my web pages keep timing out" was very helpful with discussing possible situations that can cause web pages to time-out such as running Complex scripts, overly large graphics, Browser-related conditions, and Server problems. Finding and reading similar information might be of interest for those who make not be aware of some of these reasons.
2 -
Dennis
It's 'Brett'.
Just in passing ...
In regards to the "Keep me signed in for 2 weeks" ...
Most of the time (ie. Provided that there has been NO "System" Update/Release) ...
We DO NOT, have to FULLY, "Sign" back in, with our "Credentials" ...
We just need to select "Sign In"; or, as 'CDBurk' advised, simply select "Refresh"; and, we are AUTOMATICALLY "Signed" back in.
I am sorry ...
But ...
That Said ...
I really DO NOT know/understand, what all the 'fuss' in about, with the 'Time-Out' ...
IF, I have the "Option" of "Keep me signed in for 2 weeks", selected/checked/marked; THEN, very rarely, do I ever have to "Sign" back in, with my "Credentials"; as, I mentioned, most of the time, I ONLY every have to simply select the "Sign In"; or, just select "Refresh"; and, I am AUTOMATICALLY "Signed" back in.
I would humbly venture to suggest, that the, "Time-Out"; and, "Option" of "Keep me signed in for 2 weeks", are working just fine
As an aside ...
Whereas ...
The, EXTERAL Website; and, "<iframe>", matters, are another problem/issue, altogether.
Just my thoughts.
Brett
0 -
To those who are asking about the "Keep Signed-in" option, I have forwarded this concern to those who may be able to change the way being "timed-out" is handled. Please be aware that we have requested more concise definitions for using this feature, so the engineers are aware of this problem which seems to be a reoccurring theme.
We know that many of the things that happen with our computer activity are related not only to the websites we use, but to the preferences we set for our internet activity in browsers or in our general computer settings.
Because different results can occur through how we use the internet, it may be wise to check our browser settings for each browser we use, and to check our general preferences for how we access information on the internet. We are hopeful that this will become less of a problem as more detailed information becomes available for those who are trying to remain signed-in while not actively using the open pages.
Thanks for a great discussion, and for sharing your experiences!
1
Answers
-
yeh . . . I have always wondered the same exact thing.
0 -
I would appreciate a response from the website support team.
0 -
James
I am just another 'lowly' User/Patron ...
Just in passing ...
And, I known that you WANT a responsen from an "Official 'FamilySearch' Representative" ...
Respectfully ...
And, ONLY in relation, to the FIRST part, of your problem/issue ...
The "Option", of "Keep me signed in for 2 weeks", has NOTHING whatsoever to do with the "Time-Out".
They are two (x2) totally, distinct; and, separate, things.
Keeping one, "Signed In", for x2 Weeks, ONLY means, that one DOES NOT, have to enter one's 'FamilySearch' credentials (ie. "Username" and "Password"), each and every time, one goes to sign back in.
Plus, occasionally, after a Release/Update, by 'FamilySearch', the "System" itself ,"Resets", the "Keep me signed in for 2 weeks"; and, we must manually, "Sign In" with our credentials - but, thankfully, not too often.
Whereas ...
The "Time-Out", is a "Period" of inactivity, in the "System"; and, that includes, even if, one has 'FamilySearch' open in another 'Tab'; and/or, 'Window'.
As such, they are mutually exclusive, of each other.
Just my thought.
Brett
ps: Here is a "Knowledge Article", in 'FamilySearch':
Why did my session time out?
https://www.familysearch.org/en/help/helpcenter/article/why-did-my-session-time-out
.
1 -
The knowledge article that Brett provided explains that when a page is idle, you will be signed out of the site for your own protection. That is the most common reason for being signed out even after using the "Keep signed in for two weeks" option.
I have personally noticed that even if I find I am timed-out, I can often simply refresh the page and I am able to sign-in on that page again if needed. While not always convenient, I appreciate the security measures that are available at almost all internet websites that do not allow us to remain signed into programs we do not wish to have compromised for long periods of idle time.
2 -
Brett states:
Keeping one, "Signed In", for x2 Weeks, ONLY means, that one DOES NOT, have to enter one's 'FamilySearch' credentials (ie. "Username" and "Password"), each and every time, one goes to sign back in.
My response: Frankly that is what I thought James Cobban was reporting . . . that he was being forced to re-sign in with his credentials.
because that has also been MY exact experience as well. (that I am forced to re enter my credentials every few hours)
0 -
Dennis
It's 'Brett'.
As I stated in:
Obviously ...
I am NOT experiencing, what you are experiencing ...
Maybe, every so often ...
Especially, occasionally, after a Release/Update, by 'FamilySearch', in the "System" itself; which, "Resets", the "Keep me signed in for 2 weeks"; and, one must manually, "Sign In" with one's credentials - but, thankfully, not too often.
Brett
0 -
There has been excellent discussion of this behavior.
It is important to all users of any site that they be very clearly and securely identified when making changes to information on the site. For example to alter information about a relative. In the discussion it was pointed out that banking sites, for example, will disconnect in order to ensure that banking transactions are not initiated by someone who simply wanders past a signed-on computer.
However for merely using the site for searching or examining information on the site the identification of users is primarily for the benefit of the site. Most sites collect information about their users . For commercial sites this information is worth money as it can be used for customizing advertising. For these "read-only" services it is not clear why secure identification of the user is critical. In particular why should the user be inconvenienced by an activity whose only value is to the provider of the site, not to the user?
The commercial site which is most similar to FamilySearch.org is Ancestry.com. The particular research activity which I referenced in the original post was looking at a digital image of an original document. This is a "read-only" action. It does not alter any information recorded either by FamilySearch or contributed by a client. On Ancestry.com if the client has not explicitly signed off the client can come back days later and ask to see any image which their account provides access to and that image is displayed without any further action by the client. On FamilySearch.com the client is presented with either a request to sign on, as demonstrated in the screenshot I provided in the OP, or with a pair of mysterious messages for which the on-line help is misleading. Because the client's browser still holds a cookie which is forwarded with the request the client's identification is known, and it is confusing why the site is unwilling to accept that identification without further action by the customer, especially since in many case the only action required is to refresh the page, something which is not documented by the help.
0 -
All
FYI
As an aside ...
This is interesting ...
I was in the "Indexing" Part, of 'FamilySearch' ...
But, I was NOT "Indexing", a "Batch" ...
I went away from the Computer; as, I was need for something ...
When I came back ...
The "Screen" appeared as the following:
Hm ...
A "Warning", of an impending, "Time Out" ...
Now ...
I had been away for over an Hour ...
I thought, that what ever I did, I would be "Logged Out" ...
'Lo and Behold' ...
I selected that "Stay Signed in" ...
NOT really expecting much ...
Wow ...
It me "Logged Out"; and, AUTOMATICALLY, "Logged" me back "In" again ... right back ast the same place
ie. NO "Credentials" required ...
Interesting ...
It would be nice, if such WAS in the "Family Tree" Part, of 'FamilySearch' ...
But ...
That Said ...
I am MORE than well aware, that the two (x2) "Parts", are TOTALLY "Different"; and, that "Security"/"Privacy" is paramount ...
Just saying ...
Brett
0 -
Thank you for posting your question in Community.
The timeout function on FamilySearch can be triggered by a few different things. Here is a short article that should be useful in understanding them and adjusting as needed.
Best of success to you.
0 -
One other thing that I have discovered which may be affecting your system is that some some have issues because their system is set up to clear cookies automatically. It is the cookies that allow a website to recognize and reconnect you to the same place you were even after a timeout from lack of use happens.
We hope this is helpful.
0 -
@MDRMT Thank you. However as I have noted in my comments on this issue the cookie is still in place, as all I have to do is refresh the page to retrieve the information, which is then presented with my session indicated in the top right portion of the page. This demonstrates that my browser is forwarding the cookie with each request, but the site ignored the cookie and displayed the two irrelevant messages for which the on-line help does not suggest that a simple page refresh will resolve the issue.
0