[OpenID board] Staying signed in to openid.net

[Brian Kissel]

Thanks for the feedback from Marty and Chris.  Anyone else have an opinion on 12 hours (or 24 hours, or 3 days, etc.) vs. persistent until logged out?

Cheers,

Brian
==============
Brian Kissel
Cell: 503.866.4424
Fax: 503.296.5502


-----Original Message-----
From: board-bounces at openid.net [mailto:board-bounces at openid.net] On Behalf Of Martin Atkins
Sent: Wednesday, December 10, 2008 3:44 PM
To: board at openid.net
Subject: Re: [OpenID board] Staying signed in to openid.net

Brian Kissel wrote:
> This is something that Refresh media set up some time ago so that the login timed out after 2 hours.  Refresh has recommended increasing the timeout period to 12 hours and Mike Jones has approved that.  Will that be sufficient for everyone?
>

That seems like a reasonable fix for now, but in the long term I think
what Chris was requesting was something more like a "Remember me" option
where the session will stay active until he explicitly logs out.

Since access to the OIDF membership area is low-value (there's some
personal information and the ability to vote on things that aren't of
interest to anyone outside of the OpenID community) I don't think having
indefinite sessions poses a terrible security risk. I'm happy to be
disagreed with, of course. :)

(To be clear, though, I don't suggest anything more than fiddling with
the settings until the election is completed.)

_______________________________________________
board mailing list
board at openid.net
http://openid.net/mailman/listinfo/board


__________ Information from ESET NOD32 Antivirus, version of virus signature database 3682 (20081210) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



__________ Information from ESET NOD32 Antivirus, version of virus signature database 3682 (20081210) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com