> Charles> The way the default code works, when the browser is closed
> Charles> the cookie no longer works. Our system will delete cookies
> Charles> stored on the backend every 30 minutes, so a cookie will have
> Charles> to be resubmitted (recreated) at that time as well.
>
> Charles> At least, that's how I understand it works... someone more
> Charles> familiar with cookies may say otherwise.
>
> The default scripts issue the set cookie header w/o an expiration
> date, so that is correct. Since the backend drops every 30 min, it
> would not be unreasonable to set the cookie expiration date to
> current+30min.
At the moment, it uses a session cookie (Disappears when the browser is
closed), right? This is the best way to handle it, IMO... once I (As an end
user) close the browser in question, I don't have to worry about someone
else sitting down at my machine and automatically getting access to all my
domains.
