John Plocher wrote: > I think that this misses the point - when I access the site once or > twice a week, I do so to edit web pages and the like. This policy limit > (which seems overly restrictive to me) means that statistically, *every* > time community leaders like myself access the site to update page > content, they will be forced to relogin, making the remember-me feature > almost > completely worthless to the very community leaders for whom it was > designed.
The remember me checkbox won't be there anyway. You will still be able to use your browser's auto username/password feature, which means one extra click. > Given that the current "4 years and counting" scheme hasn't exposed any > documented (or even alleged) instances of cookie theft and/or unauthorized > alterations, and lacking any data to back up your preference for > "between one and four hours", I'd like to suggest that the predominant > use-case (not to mention industry-wide norms) calls for a 2-week period > instead. Actually, that's not the case. Sites that contain sensitive data use much shorter periods than that. -- Alan Burlison -- _______________________________________________ website-discuss mailing list [email protected]
