From: Bruce Momjian <[email protected]>
To: Stefan Kaltenbrunner <[email protected]>
Cc: Magnus Hagander <[email protected]>
Cc: Joshua D. Drake <[email protected]>
Cc: Paul Waring <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
Date: Sat, 4 May 2013 17:43:36 -0400
On Sat, May 4, 2013 at 10:23:14PM +0200, Stefan Kaltenbrunner wrote:
> On 05/04/2013 08:24 PM, Bruce Momjian wrote:
> > On Sat, May 4, 2013 at 08:19:38PM +0200, Stefan Kaltenbrunner wrote:
> >> hmm pretty sure that browsers are supposed to clear session cookies if
> >> they are restarted otherwise you will create bad security issues.
> >> Consider logging in to some site with personal information, close your
> >> browser, hand over your laptop to somebody in the family for a quick
> >> browsing session and he will automatically log in to whatever site you've
> >> been at before...
> >
> > Well, if I just go to gmail.com, it certainly knows I am bmomjian. If I
> > go to slashdot.org, it knows I am bmomjian too. I have to explicitly
> > log out if I want to be logged out.
>
> erm - I guess those are using persistent (tracking) cookies (as in you
> clicked on "keep me signed in" at one time) vs classic session cookies,
> are you proposing we should impose persistent cookies on our users?

I find the use of the word "impose" curious. How do such cookies
"impose"? Is it storage imposition? Security imposition? From a user
perspective, it seems like a feature, not an imposition.

One nice thing our site does is when you click "login", it logs you in
without requiring me to actually see or type the username/password. I
have no idea how we do that, so I suspect there must be some cookie
activity.
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
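The session versus persistent ("keep me signed in") distinction argued over in this thread is decided by whether a Set-Cookie header carries an Expires or Max-Age attribute, with the precedence rules of RFC 6265. The following is an added example, not part of the original message or of the wiki's code; the cookie names, values and the `cookie_lifetime` helper are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def cookie_lifetime(set_cookie, now):
    """Classify one Set-Cookie header value.

    Returns (name, kind, lifetime): kind is "session", "persistent" or
    "expired"; lifetime is a timedelta, or None for a session cookie.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    lifetime = None
    if "max-age" in attrs:
        # Max-Age takes precedence over Expires when both are present.
        try:
            lifetime = timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # an unparseable Max-Age is ignored, Expires may still apply
    if lifetime is None and "expires" in attrs:
        try:
            lifetime = parsedate_to_datetime(attrs["expires"]) - now
        except (TypeError, ValueError):
            pass  # an unparseable Expires is ignored as well
    if lifetime is None:
        # No usable lifetime attribute: the browser keeps the cookie only
        # until the browsing session ends.
        return name, "session", None
    if lifetime <= timedelta(0):
        return name, "expired", lifetime
    return name, "persistent", lifetime


if __name__ == "__main__":
    # Constructed sample headers and a constructed "current time".
    now = datetime(2013, 5, 4, 12, 0, 0, tzinfo=timezone.utc)
    samples = [
        "wiki_session=abc123; Path=/; HttpOnly",
        "wiki_token=def456; Path=/; Max-Age=2592000",
        "wiki_token=def456; Expires=Sat, 04 May 2013 13:00:00 GMT",
        "old=x; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
    ]
    for header in samples:
        print(cookie_lifetime(header, now))
```

A server that wants logins to end when the browser is closed sends only the first form; the "keep me signed in" behaviour corresponds to the second and third.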