About "Keep Me Logged In"

Last updated: 4 April 2026

How It Works

When you log into RecurDesk, a JSON Web Token (JWT) is stored in your browser's local storage. This token authenticates your requests to the RecurDesk API without requiring you to enter your password on every page load.

By default, your session lasts 7 days. After 7 days, you will be automatically logged out and need to sign in again.

What Stays Logged In

  • Your RecurDesk account and all workspaces you are a member of.
  • Your selected workspace and UI preferences (theme, sidebar state).
  • Third-party integrations (e.g., Xero) remain connected at the workspace level and are not affected by your login session.

Security Measures

RecurDesk implements several security measures to protect your session:

  • HTTPS only: All communication between your browser and RecurDesk is encrypted using TLS.
  • Token expiry: Sessions automatically expire after 7 days, limiting the window of exposure if a token is compromised.
  • Two-factor authentication: If you enable 2FA on your account, an additional verification step is required at each login, even if you have a valid session token.
  • Role-based access: Your permissions within each workspace are checked on every request, regardless of session validity.

Risks to Be Aware Of

Shared or Public Computers

If you log into RecurDesk on a shared or public computer and do not log out, the next person using that computer could access your account. Always log out when using a shared device.

Stolen or Lost Devices

If your device is lost or stolen while you are logged in, someone with access to your device could access your RecurDesk account. We recommend:

  • Using a device lock screen (PIN, password, biometrics).
  • Enabling two-factor authentication on your RecurDesk account.
  • Contacting us immediately to revoke your session if your device is compromised.

Browser Extensions

Malicious browser extensions can potentially read data from local storage. Only install extensions from trusted sources.

Best Practices

  • Enable two-factor authentication (Settings > Security).
  • Only stay logged in on personal devices that you control.
  • Lock your computer when you step away.
  • Log out manually when using a shared or public device.
  • Keep your browser and operating system up to date.
  • Use a strong, unique password for your RecurDesk account.

How to Log Out

You can log out at any time by clicking your profile icon in the top right corner and selecting "Log out". This removes the authentication token from your browser and ends your session immediately.

Questions?

If you have concerns about session security or believe your account may have been compromised, contact us at security@recurdesk.com.