Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.72) (envelope-from ) id 1UYh8I-0001FL-0T for pgsql-www@arkaria.postgresql.org; Sat, 04 May 2013 18:24:30 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.72) (envelope-from ) id 1UYh8H-0002sa-Dm for pgsql-www@arkaria.postgresql.org; Sat, 04 May 2013 18:24:29 +0000 Received: from makus.postgresql.org ([2001:4800:7903:4::125]) by malur.postgresql.org with esmtp (Exim 4.72) (envelope-from ) id 1UYh8G-0002sU-Gh for pgsql-www@postgresql.org; Sat, 04 May 2013 18:24:28 +0000 Received: from momjian.us ([72.94.173.45]) by makus.postgresql.org with esmtp (Exim 4.72) (envelope-from ) id 1UYh8D-0007Ut-Ni for pgsql-www@postgresql.org; Sat, 04 May 2013 18:24:27 +0000 Received: from bruce by momjian.us with local (Exim 4.72) (envelope-from ) id 1UYh87-0003SS-QX; Sat, 04 May 2013 14:24:19 -0400 Date: Sat, 4 May 2013 14:24:19 -0400 From: Bruce Momjian To: Stefan Kaltenbrunner Cc: Magnus Hagander , "Joshua D. Drake" , Paul Waring , PostgreSQL WWW Subject: Re: Can we change auto-logout timing on wiki.postgresql.org? Message-ID: <20130504182419.GE5625@momjian.us> References: <20130427140914.GA20361@momjian.us> <517BFC61.2070307@commandprompt.com> <20130503004045.GC3374@momjian.us> <20130503132345.GG3374@momjian.us> <5185099B.6000604@kaltenbrunner.cc> <20130504140518.GA5625@momjian.us> <518548F4.9040109@kaltenbrunner.cc> <20130504180854.GB5625@momjian.us> <5185513A.0@kaltenbrunner.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5185513A.0@kaltenbrunner.cc> User-Agent: Mutt/1.5.20 (2009-06-14) X-Pg-Spam-Score: -4.4 (----) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-www Precedence: bulk Sender: pgsql-www-owner@postgresql.org On Sat, May 4, 2013 at 08:19:38PM +0200, Stefan Kaltenbrunner wrote: > On 05/04/2013 08:08 PM, Bruce Momjian wrote: > > On Sat, May 4, 2013 at 07:44:20PM +0200, Stefan Kaltenbrunner wrote: > >> [...] > >>> I decided to look into this again and I see my preferences aren't set > >>> for me to get emails for changes on my watch list: > >>> > >>> E-mail me when a page on my watchlist is changed > >>> > >>> I am not sure of the value of a watch list if you don't get email > >>> notifications. If I try to enable that and save, I get a failure: > >>> > >>> There was either an authentication database error or you are not > >>> allowed to update your external account. > >> > >> hmm thanks for the report - that seems to be a (fairly) recently > >> introduced buglet in our custom authentication backend, it should > >> however not have resulted in any lost functionality just the above error > >> message. Should be fixed now anyway. > > > > OK, I was now able to add email notification for watch list changes. > > Let's see if I get any email when someone modifies something. It might > > take a few weeks before I would know. > > hmm weird - afaiks the error message should have been cosmetic only, are > you saying that it seems to have actually prevented the notifications? Oh, it certainly prevented me from modifying my preferences, but it certainly works now. > >>> I am not sure when that setting was changed, but I certainly didn't do > >>> it. I bet that is why I don't get wiki change notifications. Does > >>> anyone else get notifications? > >> > >> I do ;) > > > > Oh, that's interesting. Did you have those buttons checked in your > > preferences? I did not. > > yeah i had them (but I'm pretty sure I had manually checked them) OK. That explains it then. > >>>> the ~20min is not a MW default, it is one from debian about cleaning up > >>>> session data (again a protection machanism, http is stateless and you > >>>> don't get a "user logged off" thingy in general so we need to remove > >>>> session data in some interval to not end up with millions of session files). > >>>> And yes as said above - we have speculated only so far on what exactly > >>>> the session timeout mechanics are and if the settings we are currently > >>>> dealing with actually control what people complain about - I'm still not > >>>> sure if you are saying it does or not? > >>> > >>> I have no idea. > >> > >> hmm not sure I get that - if you restart your browser daily how are the > >> session cookies even get preserved, or do you use one of these "restore > >> session" features? > > > > Uh, well, I have the TODO list as one of my default startup tabs. Most > > websites can still use old cookies on a browser restart, e.g. Gmail, > > Slashdot. > > > hmm pretty sure that browsers are supposed to clear session cookies if > they are restarted otherwise you will create bad security issues. > Consider logging in to a some site with personal information, close your > browser hand over your laptop to somebody in the family for a quick > browsing session and he will automatically log in to whatever site you > been at before... Well, if I just go to gmail.com, it certainly knows I am bmomjian. If I go to slashdot.org, it knows I am bmomjian too. I have to explicitly log out if I want be logged out. -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-www mailing list (pgsql-www@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-www