Brian Kissel wrote: > This is something that Refresh media set up some time ago so that the login > timed out after 2 hours. Refresh has recommended increasing the timeout > period to 12 hours and Mike Jones has approved that. Will that be sufficient > for everyone? >
That seems like a reasonable fix for now, but in the long term I think what Chris was requesting was something more like a "Remember me" option where the session will stay active until he explicitly logs out. Since access to the OIDF membership area is low-value (there's some personal information and the ability to vote on things that aren't of interest to anyone outside of the OpenID community) I don't think having indefinite sessions poses a terrible security risk. I'm happy to be disagreed with, of course. :) (To be clear, though, I don't suggest anything more than fiddling with the settings until the election is completed.) _______________________________________________ board mailing list [email protected] http://openid.net/mailman/listinfo/board
