Kyle Hamilton wrote, On 2009-03-19 23:07: > My reason for the conservative time suggestions is because that's what > banks tend to use (my bank times me out after 15 minutes of > inactivity, as does my phone company, and my electric company, and > PayPal, and...).
But those are *minutes of inactivity*. SSL session lifetimes typically do not take activity (or inactivity) into account. If you set a 10 minute lifetime, then 10 minutes later, that session will end, and you must reauthenticate again. So, 10 minutes means reauthenticating 6 times each hour, 48 times per work day. :( > IE7 does have a "forget sessions" button. I'd like to see a > reasonable thing implemented as well in Firefox. FF has had this feature for years. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto