Alan Burlison wrote: > You'll only have to log in if you want to change anything, which immediately > excludes most casual users. >>> although this will of course be configurable. >> As long as it can be set to things like "2 weeks", "1 month" or even >> "never"... > > It will most probably be a small number of hours, and certainly not more > than a day. >
I think that this misses the point - when I access the site once or twice a week, I do so to edit web pages and the like. This policy limit (which seems overly restrictive to me) means that statistically, *every* time community leaders like myself access the site to update page content, they will be forced to relogin, making the remember-me feature almost completely worthless to the very community leaders for whom it was designed. Given that the current "4 years and counting" scheme hasn't exposed any documented (or even alleged) instances of cookie theft and/or unauthorized alterations, and lacking any data to back up your preference for "between one and four hours", I'd like to suggest that the predominant use-case (not to mention industry-wide norms) calls for a 2-week period instead. -John _______________________________________________ website-discuss mailing list [email protected]
