Thanks for the feedback from Marty and Chris. Anyone else have an opinion on 12 hours (or 24 hours, or 3 days, etc.) vs. persistent until logged out?
Cheers, Brian ============== Brian Kissel Cell: 503.866.4424 Fax: 503.296.5502 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Wednesday, December 10, 2008 3:44 PM To: [email protected] Subject: Re: [OpenID board] Staying signed in to openid.net Brian Kissel wrote: > This is something that Refresh media set up some time ago so that the login > timed out after 2 hours. Refresh has recommended increasing the timeout > period to 12 hours and Mike Jones has approved that. Will that be sufficient > for everyone? > That seems like a reasonable fix for now, but in the long term I think what Chris was requesting was something more like a "Remember me" option where the session will stay active until he explicitly logs out. Since access to the OIDF membership area is low-value (there's some personal information and the ability to vote on things that aren't of interest to anyone outside of the OpenID community) I don't think having indefinite sessions poses a terrible security risk. I'm happy to be disagreed with, of course. :) (To be clear, though, I don't suggest anything more than fiddling with the settings until the election is completed.) _______________________________________________ board mailing list [email protected] http://openid.net/mailman/listinfo/board __________ Information from ESET NOD32 Antivirus, version of virus signature database 3682 (20081210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 3682 (20081210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ board mailing list [email protected] http://openid.net/mailman/listinfo/board
