https://bugzilla.wikimedia.org/show_bug.cgi?id=66699
Krinkle <krinklem...@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |krinklem...@gmail.com --- Comment #15 from Krinkle <krinklem...@gmail.com> --- I'm not entirely sure, but the login cookie expiration is only relevant in relation to how long a user is *not* active, not how long or how often they *are* active. Meaning, if you visit the site at least once or twice a month, your session will never expire because it's extended with every visit. Allowing existing sessions to be picked up again after more than a month of not using the site doesn't seem very valuable. If anything it sounds a little dodgy from a security perspective (e.g. stolen sessions, or computer theft). I'm not opposing it entirely on any of those grounds, just want to verify here: 1) Is it true that sessions are automatically extended with each visit and that therefore, with 30 days expiration, the session will last forever if you visit once every 30 days? 2) Is the only use case that would justify this change so that users who aren't very active don't have to log in again if they've been inactive for over a month? -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l