Hello folks,
I’ve grown a bit frustrated with the log in method for my Ghost.io site, gamefriend.co.uk.
Users are logged out quite frequently, and they need to receive an email log in to log back in. It clutters inboxes, and it would be nice to just be able to log in from the site itself, rather than an email.
Ideally, staying on the site to log in would be my preference.
Can someone advise how I manage this? I can’t see sign-in methods on the Ghost dashboard anywhere. Is it a theme thing? Or is it universal with Ghost websites?
Cheers,
Craig
It’s not a theme thing.
When the user clicks the magic link (or enters their code) they should get a long lasting cookie and shouldn’t need to log in again unless the switch devices or platforms.
1 Like
I checked the cookie expire time, it’s 6 months. Once a member logs in, they should stay logged in for 6 months, in the same browser, if they don’t clear their cookies.
Thanks for commenting folks, I suppose my issue is not the length of time they’re logged in for. The email method is what irks me and options to have a password or something to that end would be what I’m looking to implement.
There’s nothing built into Ghost. I’ve set up social sign on and even password sign on for some sites, but that’s something running on separate from Ghost.
One-time-code feature is just released and it actually helps a little to mitigate the friction of magic links. Especially with using browsers auto-fills one-time-codes, it’s just a few seconds waiting.
This mail-based login is very secure, since there is no risk to leak any passwords of the members. Maybe in a next iteration, Ghost team considers adding Passkey support, which also very secure in terms of data breach. But for now, this is what we have.
2 Likes
