Category: Development

New “Stay Signed In” feature

Have you ever hit the reload/refresh button in your browser whilst logged into MIDAS? Were you surprised to be bounced back to a login screen when you did? Well no more!

We’ve redesigned and improved the sign-in experience for MIDAS v4.39.

In previous versions, two options were offered on the sign-in screen:

Remember Me


Previously, the login screen included a “Remember Me” tick box. If this was selected when a user logged in, MIDAS would store their credentials in a cookie. The next time they accessed the login screen in the same browser, MIDAS would read this cookie and automatically populate the various fields on the login screen.

Auto-Login


An optional “Auto-Login” box was also present on the login screen whenever the “Remember Me” box was selected.

If “Auto-Login” was also selected, then the next time the user accessed the login screen, MIDAS would not only read the ‘remember me’ cookie and automatically populate the fields on the login screen, but also automatically click the “Login” button.

Drawbacks

There were a number of drawbacks to this approach. The primary drawback was that the “Remember Me” option stored a user’s credentials in a cookie. Whilst this data was encoded and obfuscated, it is no longer best practice to store such data in this manner.

The “Remember Me” option is also now somewhat outdated and redundant. It was first introduced some 16 years ago – way back with MIDAS v2 in September 2009. Back then, password managers weren’t really a thing, and web browsers themselves didn’t provide a means to remember logins to websites.

Nowadays, all modern browsers offer users the ability to remember credentials to websites and webapps. In addition, third party password managers are now also commonplace.

So it was time to give the “Remember Me” function a complete overhaul.

In doing so, we also wanted to address a frustration which a number of our customers have reported over the years. If, when using MIDAS, they accidentally hit their browser’s reload/refresh button, MIDAS jumps them back to a login screen. (That is, unless they had selected both the “Remember Me” and the “Auto-Login” options when they initially logged in).

To combat this frustration, and to simplify the number of options on the MIDAS login screen, starting with v4.39 users will see a single “Stay signed in” option on their sign in screen.

The previous “Remember Me” and “Auto-login” options have been removed.

Staying signed in

Selecting this new “Stay signed in” option when signing in will keep the user signed in to MIDAS on that browser until they sign out (or until their session times out, based upon the security settings set up by an administrator in your booking system).

Here’s how the new sign-in screen looks:

MIDAS sign-in screen with the new ‘Stay signed in’ option

Like the previous “Remember Me” option, the new “Stay signed in” option also stores data in a cookie. However, unlike the former, the new “Stay Signed In” option only stores a randomly generated and unique session ID. No credentials themselves are stored in a cookie.
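The difference between the two cookie designs can be sketched as follows. This is an added example, not MIDAS code: the `SessionStore` class, the `sid` cookie name, and the timeout values are assumptions chosen for illustration. The cookie carries only a random identifier, the server keeps the mapping to a user, and an idle limit is enforced server-side regardless of how long the browser keeps the cookie.

```python
import hashlib
import secrets
import time

PERSIST_SECONDS = 30 * 24 * 3600  # assumed lifetime of the persistent cookie

class SessionStore:
    """In-memory stand-in for a server-side session table (illustrative only)."""

    def __init__(self, idle_timeout=1800):  # assumed admin-set idle limit, seconds
        self.idle_timeout = idle_timeout
        self._rows = {}  # sha256(session id) -> {"user": ..., "last_seen": ...}

    @staticmethod
    def _key(session_id):
        # Keep only a hash server-side, so a leaked table cannot be replayed as cookies.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def sign_in(self, user, stay_signed_in, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # 256 random bits, no user data
        self._rows[self._key(session_id)] = {"user": user, "last_seen": now}
        attrs = ["Path=/", "HttpOnly", "Secure", "SameSite=Lax"]
        if stay_signed_in:
            # Max-Age makes the cookie survive a browser restart; without it
            # the browser treats it as a session cookie.
            attrs.append(f"Max-Age={PERSIST_SECONDS}")
        return session_id, f"sid={session_id}; " + "; ".join(attrs)

    def resolve(self, session_id, now=None):
        """Return the signed-in user for a cookie value, or None."""
        now = time.time() if now is None else now
        key = self._key(session_id)
        row = self._rows.get(key)
        if row is None:
            return None  # unknown or forged ID
        if now - row["last_seen"] > self.idle_timeout:
            del self._rows[key]  # idle too long: expire server-side
            return None
        row["last_seen"] = now  # a reload counts as activity
        return row["user"]

    def sign_out(self, session_id):
        self._rows.pop(self._key(session_id), None)
```
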

Refreshing and Reloading

Regardless of whether the new “Stay signed in” option is selected on a user’s sign-in screen, once the user has signed in, hitting refresh or reload in their browser will no longer jump the user back to a login screen – they will remain signed in!

With the “Stay signed in” option selected (and assuming the user isn’t accessing via a private/incognito browser window), the user can completely close their browser, and the next time they open it and access your MIDAS URL, they will still be signed in.

Security Considerations

Naturally, if the browser/device you use is shared by multiple people, then you should not select the “Stay signed in” option when signing in to MIDAS.

An administrative setting also exists to prevent the “Stay signed in” option from being shown to users.

An administrator may also still wish to force users’ sessions to expire if there is an extended period of no activity. To accommodate this, new settings have been added to the Session Control section of the security screen. This screen may be accessed via MIDAS Admin Options → Manage MIDAS → Security.

New Session Control security options in MIDAS v4.39

Authenticator App Support


Two-Factor Authentication (sometimes referred to as 2FA) is a more secure method of logging into websites or online services.

Traditionally, when you “log in” to a website or online service, you enter your username (typically your email address) and password. Then you click a button, and if the details you enter are valid, you’re logged in.

Unfortunately, many people reuse the same credentials (username / password combination) again and again for multiple websites and online services. The danger of this is that if one of those services gets “hacked” or suffers a data breach where user credentials are exposed, an attacker could potentially then access all other websites and online services that that person uses.

Two-factor authentication combats this. It does so by employing a secondary means of authentication in addition to the traditional username / password combination in order to authenticate a user’s access.

This means that even if a user’s password has been compromised, an attacker couldn’t then use this to gain access to someone’s account.

Two Factor Authentication in MIDAS

Since 2015, all MIDAS room booking systems have included optional two-factor authentication. If enabled, this adds an additional layer of account security to our software.

With Two-Factor Authentication enabled, each time a user logs in, a code is sent to their email inbox. The user must then enter this code into MIDAS in order to complete their login.

But starting with MIDAS v4.38, we’re improving 2FA options and support in our software!

MIDAS v4.38 (and later) now support authenticator apps – including Google Authenticator and Microsoft Authenticator – as an alternative 2FA login option to email.

Per User Two Factor Authentication Settings

Previously, the 2FA option in MIDAS was a ‘global’ setting. This meant that it could be enabled or disabled for all user accounts at once. It was not possible to have ‘per account’ 2FA settings.

We’ve made this more flexible for MIDAS v4.38!

Now, administrators can set whether 2FA is enabled for each individual user account. The 2FA option for each account can also be set.

Available 2FA options are now:

  • Authenticator App
  • Email

Enabling 2FA Authenticator App Globally in MIDAS

To globally turn on 2FA for all users, administrators can go to MIDAS Admin Options > Manage MIDAS > Security. In the “Two Factor Authentication (2FA)” section, tick the “Enable Two-Factor Authentication For All Users?” box, and then select the “Authenticator App” option:

Global Two-Factor Authentication Options – now includes authenticator apps

Click “Save Changes” and 2FA via Authenticator Apps will be enabled for all user accounts.

Enabling 2FA Authenticator App For Individual User Accounts

2FA options are also available on a per-user account basis. Administrators can enable, disable, or change the 2FA method on a user account by going to MIDAS Admin Options > Manage Users & Permissions.

Select the user account you wish to enable 2FA for, and choose “Authenticator App” from the “2FA Login” setting:

New per-user Two-Factor Authentication Options

Then click “Save Changes”.

How 2FA via an Authenticator App Works

When 2FA via authenticator apps has been enabled on a user’s account, the next time they log in, they’ll be presented with a QR Code to scan with their authenticator app:

Setting up your authenticator app upon first login

If they’re unable to scan the QR Code, a ‘secret key’ is also provided which can be manually entered into authenticator apps.

The user’s authenticator app will then generate a 6 digit code which they can enter into MIDAS to complete their login.

The QR Code / Secret Key needs only to be scanned/entered into the user’s authenticator app once upon first use. For subsequent logins, the user will simply need to enter the 6 digit code generated by their authenticator app:

Entering an OTP generated by your authenticator app to complete login

Supported Authenticator Apps

Popular FREE authenticator apps supported by MIDAS include:

However, any OTP authenticator app which generates Time-based One-Time Passwords (TOTP) derived from a shared secret value and the current time should be compatible. TOTP codes are typically six digits long and change every 30 seconds.
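How a six-digit code is derived from the shared secret and the current time, and how a server can check it, is shown in the added example below (RFC 6238 with HMAC-SHA1; this is not MIDAS code). The function names, the one-step clock-drift window, the replay check, and the use of the common `otpauth://` URI as QR payload are assumptions for illustration; the sample key is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote

STEP, DIGITS = 30, 6  # 30-second period, six digits, as described above
# Constructed sample: the RFC 6238 SHA-1 test key, Base32-encoded.
RFC6238_KEY = base64.b32encode(b"12345678901234567890").decode()

def new_secret():
    """Random 160-bit shared secret in the Base32 form users type by hand."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI that authenticator apps commonly read from a QR code."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}")

def totp(secret_b32, at):
    """Code for the 30-second step containing Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, at, last_used_step=-1, window=1):
    """Return the matching time step, or None.

    Accepts +/- `window` steps of clock drift and rejects any step at or
    before `last_used_step`, so a captured code cannot be replayed.
    """
    current = int(at) // STEP
    for step in range(max(0, current - window), current + window + 1):
        if step <= last_used_step:
            continue
        if hmac.compare_digest(totp(secret_b32, step * STEP), submitted):
            return step
    return None
```

The caller stores the step returned by `verify` and passes it back as `last_used_step` on the next login attempt.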

Resetting 2FA

If a user loses their authenticator app, an administrative user in a MIDAS system can change the user’s 2FA method, or reset their authenticator token. By resetting a user’s authenticator token, the next time the user logs in, they’ll be presented with a brand new QR Code/Secret Key to enter into their authenticator app.

Availability

2FA login authentication has been available since MIDAS v4.10 (2015). However, this implementation was limited to authentication codes sent to users via email. 2FA could also only be enabled globally (for all user accounts).

2FA login authentication via either email or authenticator apps is available in MIDAS v4.38 or later. These options can be enabled globally, or on a per-user account basis.


Include Date Notes on booking print outs

The “Date Notes” feature allows you to attach notes to a single date, or a range of dates within your booking system.

Add notes to calendar dates

These notes are then shown to all users who navigate to that date (or to a date within that range).

This can be used to remind other users of special dates, when you’re closed for public holidays, or other activities or notable events to be aware of on certain dates.

Dates with notes associated with them are also indicated on the Booking Availability screen where they can be quickly viewed before new bookings are added.

MIDAS v4.37 introduces a new setting which now also allows you to include date notes on your booking print outs.

This new setting may be found under MIDAS Admin Options → Manage MIDAS → Print → Include Date Notes on printouts.


Updates to our “Reviews” addon

This week we’ve released an update to the optional “Reviews” addon for MIDAS.

If you’re not familiar with this addon, it allows your business to automatically collect feedback, reviews, and ratings on independent review sites from the customers who hire and book your facilities.

How the Reviews addon works

The “Reviews” addon works by automatically notifying an independent review collection platform after a client’s booking has taken place at your facilities. The review platform then in turn sends out an invitation by email to your client asking them to leave a review or rating of their experience with your business on their website.

Supported Review Platforms

First released in 2020, our addon initially supported integration with four independent review platforms. This was further increased to five review platforms in 2022.

As our Reviews addon integrates with independent, third party review and rating services, our addon is reliant on these services remaining active.

Latest updates to our Reviews addon

Psydro is now defunct

Recently, the “Psydro” review platform appears to have closed. Its main website has been timing out and returning errors for a while now. Whilst there’s been no official statement from Psydro, given their website had been inaccessible for some time, we believe this platform is now dead. Consequently, we have now dropped support for Psydro.

collect-reviews.com is now defunct

There’s also something strange going on with the “collect-reviews” website. Recently, its content has changed to a Thai gambling site. Again, there’s been no official statement from the collect-reviews team. It is therefore not known if they’ve sold their domain, or if it’s been hacked. Either way, it’s clear that right now their website is not the review platform it was previously. Consequently, we have now also dropped support for “collect-reviews”.

TrustSpot rebrands to RaveCapture

Finally, “TrustSpot” has recently rebranded to become “RaveCapture”. TrustSpot was one of the review platforms our addon supported from the outset. According to the TrustSpot/RaveCapture team, other than a name and logo change, nothing else has changed. The platform’s functionality remains the same. We’ve therefore updated the name and logo in our Reviews addon to reflect this rebrand.

In addition to RaveCapture/TrustSpot, our addon continues to support the Reviews.io and TrustPilot platforms too!

How to get the Reviews addon

If you’d like to get reviews from users of your facilities on popular review sites like TrustPilot, then the Reviews addon for MIDAS is for you!

This optional addon is available for both cloud hosted and self hosted MIDAS booking systems.

To add this addon to your existing MIDAS system, simply go to mid.as/upgrade.

If you’re not yet using MIDAS to handle your bookings and scheduling, you can get MIDAS today with the Reviews addon.