Incidentally, I think it would be better to desactivate the session instead of removing them. When a user claims he lost his password and change his mail, I am glad to have a look at the recent sessions and see if he connected recently (in which case, the guy is trying to steal the account).
Also it might be good to allow me to desactivate my 300+ session at Savannah at once, but that's another point :) -- Sylvain On Mon, Jun 20, 2005 at 08:02:00AM +0200, Mathieu Roy wrote: > dimanche 19 juin, vers 11h, Tobias Toedter tapota : > > > > > Hi all, > > > > I've been wondering why there is an option in the user account > > preferences to manage the sessions. It seems that one cannot do > > anything with the listed sessions, except to delete them. > > > > Do we really need this? Wouldn't it be better for the backend to > > clean up the session database periodically and remove any session > > which is older than, say, one week? > > > > If there's a specific reason for this frontend session management > > which I'm missing here, I'd like to hear about it. > > - it is very important that people can get a list of opened > session listing which IP opened it. > - there's no reason not to allow them to clean their session; they may > have forgot a session on a public computer they no longer have access > too > - the backend already clean old session itself > - there's no point in automatically remove session after one week > while at the same time we allow cookies for one year > - moreover, I do not get what problem pose this feature, hence I'm > not sure to understand what we would achieve by removing it. _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
