https://bugzilla.wikimedia.org/show_bug.cgi?id=66699
Krinkle <krinklem...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |krinklem...@gmail.com
--- Comment #15 from Krinkle <krinklem...@gmail.com> ---
I'm not entirely sure, but the login cookie expiration is only relevant in
relation to how long a user is *not* active, not how long or how often they
*are* active.
Meaning, if you visit the site at least once or twice a month, your session
will never expire because it's extended with every visit.
Allowing existing sessions to be picked up again after more than a month of not
using the site doesn't seem very valuable. If anything it sounds a little dodgy
from a security perspective (e.g. stolen sessions, or computer theft).
I'm not opposing it entirely on any of those grounds, just want to verify here:
1) Is it true that sessions are automatically extended with each visit and that
therefore, with 30 days expiration, the session will last forever if you visit
once every 30 days?
2) Is the only use case that would justify this change so that users who aren't
very active don't have to log in again if they've been inactive for over a
month?
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
