Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtp (Exim 4.72) (envelope-from
	<pgsql-www-owner+M21584=pgsql+2Dwww=arkaria.postgresql.org@postgresql.org>)
	id 1UW19y-0002mQ-I6
	for pgsql-www@arkaria.postgresql.org; Sat, 27 Apr 2013 09:11:10 +0000
Received: from localhost ([127.0.0.1] helo=postgresql.org)
	by malur.postgresql.org with smtp (Exim 4.72) (envelope-from
	<pgsql-www-owner+M21584=pgsql+2Dwww=arkaria.postgresql.org@postgresql.org>)
	id 1UW19x-0007E7-Fv
	for pgsql-www@arkaria.postgresql.org; Sat, 27 Apr 2013 09:11:09 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtp (Exim 4.72)
	(envelope-from <stefan@kaltenbrunner.cc>) id 1UW19v-0007Dz-QD
	for pgsql-www@postgresql.org; Sat, 27 Apr 2013 09:11:07 +0000
Received: from cronos.madness.at ([2a02:16a8:dc41::10])
	by magus.postgresql.org with esmtp (Exim 4.72)
	(envelope-from <stefan@kaltenbrunner.cc>) id 1UW19m-0008Pm-Qy
	for pgsql-www@postgresql.org; Sat, 27 Apr 2013 09:11:05 +0000
Received: from mastermind.kaltenbrunner.cc ([2001:470:7a2d::22])
	by cronos.madness.at with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.72) (envelope-from <stefan@kaltenbrunner.cc>)
	id 1UW19g-000767-B3; Sat, 27 Apr 2013 11:10:54 +0200
Message-ID: <517B9613.4090201@kaltenbrunner.cc>
Date: Sat, 27 Apr 2013 11:10:43 +0200
From: Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: "Joshua D. Drake" <jd@commandprompt.com>
CC: Paul Waring <paul@xk7.net>, pgsql-www@postgresql.org
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
References: <5179CD76.6030908@agliodbs.com>
	<CABUevEymuYyyof68ASuDt9GBpFOvF2r0WNyk8JxK1nbGG70Rpw@mail.gmail.com>
	<517A6C78.7000101@xk7.net>
	<CABUevEw0asBAR6jS=aqKBG1OAJmTsMP1FiocCm-cLJfqGEAm_w@mail.gmail.com>
	<517A7144.4070204@xk7.net> <517B729C.4060906@kaltenbrunner.cc>
	<517B7658.9070209@commandprompt.com>
In-Reply-To: <517B7658.9070209@commandprompt.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Pg-Spam-Score: -1.9 (-)
List-Archive: <http://archives.postgresql.org/pgsql-www>
List-Help: <mailto:majordomo@postgresql.org?body=help>
List-ID: <pgsql-www.postgresql.org>
List-Owner: <mailto:pgsql-www-owner@postgresql.org>
List-Post: <mailto:pgsql-www@postgresql.org>
List-Subscribe: <mailto:majordomo@postgresql.org?body=sub%20pgsql-www>
List-Unsubscribe: <mailto:majordomo@postgresql.org?body=unsub%20pgsql-www>
X-Mailing-List: pgsql-www
Precedence: bulk
Sender: pgsql-www-owner@postgresql.org

On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
> 
> On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
> 
>> interesting hint - thanks.
>>
>> I have now increased the relevant timeouts to 6h - lets see how that
>> goes..
> 
> FTR, I don't think we should autologout people or at least it should be
> set to something like 7D.

well from a security perspective it is usually advisable to keep session
lifetimes as short as possible, I agree that the current setup was way
to aggressive, but 6h already results in a 6-15x increase of what we had
before. We can always adjust upwards if we people are really working 6h+
on an article but lets see first if this change really fixes the issue
berkus complained about.


Stefan


-- 
Sent via pgsql-www mailing list (pgsql-www@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-www