On Jan 29, 2014, at 9:25 AM, Robert Samuel Newson <[email protected]> wrote:
> couchdb should send an updated cookie if the one you authenticated with is > still valid and more than 10% of the way through its lifetime. That's convenient, but it means a session ID that's in regular use will never expire, which isn't the greatest for security. Is there an option to set a secondary expiration interval after which the session renewal runs out and the user is forced to enter credentials again? (I just looked at the config docs but didn't see a setting for that.) —Jens
