On Jan 9, 2009, at 3:23 AM, SM wrote: > The cookie is set without specifying an expiration. So, this cookie > will expire when the user closes the browser. OTOH, the sessions will > likely persist in the Store for much longer as specified by the > timeout config parameter.
Yes, but it's impossible to know how long the user will have his/her browser open. In this day and age, I can't keep Firefox open for more than a few days before something brings it down, but it wouldn't be hard to imagine that someone who uses only 1 or 2 tabs and does minimal browsing could keep it open for a week or two. > Shouldn't the cookie have and expiration Optionally, yes. But, as a default I think that expiring at the end of the browser session, "session cookies" is good. > and shouldn't it correspond > to the timeouts used for the data Store? For obvious reasons, it should at _least_ be as great as the cookie timeout, but it's unlikely to cause harm if the session's store persists longer, though high traffic sites with lots of sessions may want to make them correspond. Andrew -- http://www.apgwoz.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/webpy?hl=en -~----------~----~----~----~------~----~------~--~---
