On Mar 23, 6:32 am, pca <pierre.carbonne...@gmail.com> wrote: > Could someone explain me how the authorisation cookie behaves ? > > I've seen the following parameter in the GAE administration tool / > Application settings: > Cookie Expiration: 1 day / 1 week / 2 weeks > App Engine uses a cookie to keep users logged in to your > application. > You can control how long each login cookie remains valid before > being re-issued by using this parameter. > > I don't understand the comment. Do users have to login every 2 weeks, > even if they access the application every day ? Or they must login > only if they have not accessed the application in the last 2 weeks ? > In other words, does users.get_current_user() restart the 2 weeks > validity period ? If not, is there any way for the application to > restart the validity programmatically ? > > I could not find any info in the documentation, and discovering it by > trying it would be too time-consuming for me...
I believe the cookie is set to expire 2 weeks after login, and then isn't written again after that. The only workaround I can think of would be to use you own auth sessions (which could still use Google logins through openID) and re- write the session cookie with a new, extended expiration date every time the user uses your application. This is a fairly common type of security precaution; someone gaining access to a user's machine could only exploit the existing cookies for a limited amount of time, although of course the amount of damage they could do within that 2 week window is still probably fairly high. You might think users would be turned off by needing to login again every 2 weeks, but Facebook requires it and it hasn't hurt their popularity much; at this point you can probably assume your users are used to periodic logins. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.