Would it be possible for a user to create a small javascript to replace the default cookie by another one which doesn't expires?
Helder On Sun, Aug 22, 2010 at 16:20, Max Semenik <[email protected]> wrote: > I propose to raise the default ($wgCookieExpiration) at least to 90 > days from current 30. > > This setting was supposed to combat leakage of logged in sessions by > making them expire before before an attacker grabs them. However, > cookie expiry does little to stop bad guys and annoys good ones: > > * Once you've left a public PC without clicking on "log out", your > session is already compromised, even making cookies session-only won't > help. > * If nobody looks specifically for your session, they can stumble upon > it accidentally, while browsing the same site as you did. Lowish > expiry time can indeed help lessen this possibility, however with > Wikipedia's popularity there's pretty solid chance that someone will > visit it from a public teminal within hours, not days. Less popular > sites are, on the other hand, protected by smaller possibilities of > someone looking for them. > * MediaWiki provides no way to adjust preferences without having an > account, so advice "register and set this or that in 'my preferences'" > is pretty popular these days. However, the need to log in every month > which is mildly annoying for wiki regulars, may have a drastic effect > on casual visitors. "You told me to register and when I did, I had to > relogin after a couple of visits!!1" > > Taking this all into account, I see no reason to keep the current > default. > > -- > Max Semenik ([[User:MaxSem]]) > > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
