[WikiCaretakers] Increase cookie login time
Paul Hänsch
paul at fsfe.org
Wed Jun 14 12:17:26 CEST 2017
On Wed, Jun 14, 2017 at 09:26:32AM +0000, Max Mehl wrote:
> Would it be possible to increase the time until a user is logged out
> after he/she successfully authenticated? It's quite nasty to type in the
> credentials several times a day (currently it's 3 hours IIRC).
>
> 3-7 days would be a good time frame IMHO.
In contemporary web services it is customary to provide at least two cookies
with a login. One session cookie with a short timeout, and one long-lived
login-cookie that is valid for days or weeks. The session cookie retains the
session, while the login cookie allows to easily open a new one.
This seems to be the common method of providing long-term logins. I am however
not familiar with the security considerations that lead up this routine.
Unfortunately moin does only support session cookies. Without further reading
I would be reluctant to make the session cookie so lasting.
I would rather consider a time-frame of maybe 12 hours, which should still
bring you over the workday.
Maybe we could do something with OpenID to reproduce the dual approach, but I
have no distinct idea yet, how this would work exactly.
--
Paul Hänsch █▉ Webmaster, System-Hacker
█▉█▉█▉
Jabber: paul at jabber.fsfe.org ▉▉ Free Software Foundation Europe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.fsfe.org/pipermail/wikicaretakers/attachments/20170614/e58cfe59/attachment.pgp>
More information about the WikiCaretakers
mailing list