Jeffrey,
At 02:32 PM 5/9/00 -0700, Jeffrey W. Baker wrote:
>Why is the session ID invalid just because they left for a week? Ask them
>to authenticate again and take them right back to whatever they were
>doing.
>
>On some sites bookmarking the URL with the session ID embedded is the
>optimal behavior.
>
>-jwb
>
perhaps we just have a different understanding of sessions. What you refer
to sounds more like the 'profiles' we associate with authenticated users.
Sessions are short-lived blobs of data which keep information about what a
user does at this very moment on our site. If he doesn't touch the session
data for while (means hit one of the servers which update modtime in the
session blob) then he will need to reauthenticate with the service and
establish a new session.
Tobias
