https://bugzilla.wikimedia.org/show_bug.cgi?id=66699

            Bug ID: 66699
           Summary: If user checks "keep me logged in", remember them
           Product: Wikimedia
           Version: wmf-deployment
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: Unprioritized
         Component: General/Unknown
          Assignee: [email protected]
          Reporter: [email protected]
       Web browser: ---
   Mobile Platform: ---

Previously, we were required to remember a user's session information for no
longer than 30 days on Wikimedia sites. The new privacy policy
(https://meta.wikimedia.org/wiki/Privacy_policy) does not require such a
limitation, and in fact explicitly calls out remembering logins as a use case:
"...such as by using cookies to maintain your session when you log in or to
remember your username in the login field."

As such, if a user checks the "keep me logged in" option on the login form,
cookie expiry should be set to one year.

In practice, this will often be shorter, since users often travel across many
browsers or devices, and may clear their cookies. At the very least, users who
opt in to being remembered should have their sessions remembered for longer
than the arbitrary 30-day limit.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
