Re: Can we change auto-logout timing on wiki.postgresql.org?
From | Bruce Momjian |
---|---|
Subject | Re: Can we change auto-logout timing on wiki.postgresql.org? |
Date | |
Msg-id | 20130504214336.GA21630@momjian.us |
In reply to | Re: Can we change auto-logout timing on wiki.postgresql.org? (Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>) |
List | pgsql-www |
On Sat, May 4, 2013 at 10:23:14PM +0200, Stefan Kaltenbrunner wrote:
> On 05/04/2013 08:24 PM, Bruce Momjian wrote:
> > On Sat, May 4, 2013 at 08:19:38PM +0200, Stefan Kaltenbrunner wrote:
> >> hmm pretty sure that browsers are supposed to clear session cookies if
> >> they are restarted otherwise you will create bad security issues.
> >> Consider logging in to some site with personal information, close your
> >> browser hand over your laptop to somebody in the family for a quick
> >> browsing session and he will automatically log in to whatever site you've
> >> been at before...
> >
> > Well, if I just go to gmail.com, it certainly knows I am bmomjian. If I
> > go to slashdot.org, it knows I am bmomjian too. I have to explicitly
> > log out if I want to be logged out.
>
> erm - I guess those are using persistent (tracking) cookies (as in you
> clicked on "keep me signed in" at one time) vs classic session cookies,
> are you proposing we should impose persistent cookies on our users?

I find the use of the word "impose" curious. How do such cookies
"impose"? Is it storage imposition? Security imposition? From a user
perspective, it seems like a feature, not an imposition.

One nice thing our site does is when you click "login", it logs you in
without requiring me to actually see or type the username/password. I
have no idea how we do that, so I suspect there must be some cookie
activity.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +