[OpenID board] Staying signed in to openid.net
Martin Atkins
mart at degeneration.co.uk
Wed Dec 10 23:44:15 UTC 2008
Brian Kissel wrote:
> This is something that Refresh media set up some time ago so that the login timed out after 2 hours. Refresh has recommended increasing the timeout period to 12 hours and Mike Jones has approved that. Will that be sufficient for everyone?
>
That seems like a reasonable fix for now, but in the long term I think
what Chris was requesting was something more like a "Remember me" option
where the session will stay active until he explicitly logs out.
Since access to the OIDF membership area is low-value (there's some
personal information and the ability to vote on things that aren't of
interest to anyone outside of the OpenID community) I don't think having
indefinite sessions poses a terrible security risk. I'm happy to be
disagreed with, of course. :)
(To be clear, though, I don't suggest anything more than fiddling with
the settings until the election is completed.)
More information about the board
mailing list