Overview

This article explains how long Vome keeps you signed in, what happens when your session expires, and how sessions differ across the web, the mobile app, and attendance kiosks. It is written for both volunteer users and administrators.

1. How long does Vome keep me signed in?

It depends on your role and the device you are using. By default:

• Volunteer users on web stay signed in for 30 days from sign-in
• Administrators on web stay signed in for 10 hours from sign-in
• Anyone on the mobile app stays signed in effectively indefinitely, as long as the app is opened at least once every 60 days
• Attendance kiosks stay signed in for 30 days from kiosk setup

These are the default settings applied to all users. Each person can customize their own auto-logout window from their settings page, under Settings, Security, Auto-logout.

2. How is my session length decided?

When you sign in, Vome gives your browser or device a session. The length is determined by:

1. Your personal auto-logout setting, if you have set one. This takes priority over everything else.
2. Your role default, if you have not customized it:
   • Administrator accounts: 10 hours
   • Volunteer users: 30 days

The window starts when you sign in. It does not extend just because you are still actively using Vome. When the clock runs out, your session ends.

3. Can I change how long I stay signed in?

Yes. You can change your own auto-logout setting at any time, within these limits:

• Minimum: 1 hour (you cannot be signed out faster than this)
• Maximum: 60 days (you cannot stay signed in longer than this, ever)

To change it, sign in to Vome on the web, go to Settings, Security, Auto-logout, pick a number, choose Hours or Days, and click Save. You can use the quick-pick options (12h, 1 day, 7 days, 30 days, 60 days) or type a custom value. You can also choose "Use the default for my role" to revert.

4. What happens when my session expires on the web?

You will keep using Vome normally until your session runs out. The next time you click a menu item or open a page, you will see a short dialog:

"Your session has expired. To continue using Vome, please log back in."

Your email is already filled in. You just type your password and click Resume my session. You are returned exactly where you were, with no data lost and no need to navigate back.

If you would rather sign out completely, for example on a shared computer, you can click Log out instead.

5. Why do I almost never see a login screen on the mobile app?

The mobile app is designed to feel like a typical app: you sign in once and stay signed in. Behind the scenes, the app quietly renews your session whenever needed, so you do not see it happening. Your role's auto-logout window still applies, but the app handles the renewal for you.

In practice this means:

• You will not be signed out every 10 hours (admin) or 30 days (volunteer user) on the app
• You will only see a login screen if you do not open the app for 60 or more days
• Push notifications keep arriving the whole time, because they are tied to your device rather than your sign-in state
• Chat keeps working the same way
• Tapping a push notification opens the app, quietly refreshes, and takes you to the right screen with no login in between

6. Does the 10-hour admin window apply to admins on the mobile app too?

Not in the way you might expect. The 10-hour value controls how often the app renews itself in the background. On mobile, that renewal is silent, so an administrator using the mobile app effectively stays signed in for up to 60 days, just like any volunteer user. Admins will only see a login screen if they do not open the app for 60 or more days. If your organization wants a tighter mobile window specifically for administrators, contact the Vome team and we can look at configuring it.

7. How do attendance kiosks work?

Attendance kiosks are public-facing devices, usually a tablet at your check-in area, where volunteer users self-check-in. A kiosk session is completely separate from your normal administrator session.

• An administrator signs in on the kiosk device to start the kiosk session. This is not the same as that admin's personal Vome session.
• The kiosk stays signed in for 30 days from when it was set up.
• Your personal auto-logout setting does not shorten this. For example, a 1-hour admin policy will not shut down the attendance kiosk in the middle of the day.
• Like the mobile app, the kiosk quietly renews its session within that 30-day window.
• When the 30-day window ends, the kiosk's own login screen appears so you can sign in fresh. There is no "session expired" pop-up at the kiosk.

8. Are attendance kiosks secure if they stay signed in for 30 days?

Yes. An attendance kiosk session has hyper-limited scope permissions. It can only perform the actions that are available on the kiosk according to the settings you have configured, and nothing more. It cannot reach settings, exports, user management, billing, two-factor authentication, integrations, or any other administrator page. If someone tries to navigate the device to an admin page, they are stopped by a lock screen. To leave kiosk mode and use other parts of Vome on that device, an administrator must sign in again with full credentials. This restriction is enforced by Vome's servers, not just hidden in the interface, so the kiosk stays limited to its configured actions even if someone tried to misuse the session.

Note: if you open the kiosk URL in your own browser, for example to preview what volunteer users see, that browser is placed in kiosk mode too. Navigating to other admin pages there will require you to sign in again.

9. How does Vome protect sensitive data on the mobile app and attendance kiosks?

Both the mobile app and attendance kiosk sessions run with deliberately limited scopes. Each device can only access the data and perform the actions it needs for its purpose, and nothing more. This limits what could ever be reached or extracted from any single device, even if that device were lost, shared, or left unattended.

This is a careful design decision rather than an afterthought. Session lengths, background renewal, and scope limits are all set in line with established security best practices. Sensitive information stays protected because no single session is ever granted broader access than it actually requires.

10. Can I stay signed in forever?

No. The maximum anyone can set is 60 days. After that you will need to sign in again, no matter what setting you choose. This gives a predictable upper limit on how long any single session can live.

11. Why is the administrator default only 10 hours?

Administrator accounts can view and change organization-wide data such as members, reports, billing, and settings. Limiting admin sessions to about a working day reduces the risk if a device is left unlocked or unattended. Administrators who want a longer window can change their own setting up to 60 days.

12. What if I am filling out a form when my session expires?

You will see the "Your session has expired" dialog. After you enter your password and click Resume, you are returned to the exact page you were on, including any unsaved entries if the form supports it. You do not have to navigate back manually.

13. Is there a "remember me" option?

No. The auto-logout setting is the single control for how long you stay signed in. This keeps things simple and avoids confusion about what state a device is in.

14. What is the difference between auto-logout and an inactivity timeout?

Vome's auto-logout measures the maximum time from when you sign in. The clock starts at sign-in and runs until it expires, whether or not you are actively using Vome. An inactivity timeout, where you are logged out after a period of not doing anything, is not what Vome uses. The maximum-session model was chosen because it gives a clear, hard limit on how long any single session can last.

15. Can our organization require everyone to use a shorter session?

Today, each volunteer user controls their own auto-logout setting. Organization-wide policies, for example requiring all administrators to use 4-hour sessions, are something we are working on for the future.

16. Where do I change my auto-logout setting on mobile?

For now, the auto-logout setting is changed on the web. The mobile app respects whatever you have configured. Go to Settings, Security, Auto-logout on the web to make changes.