public inbox for [email protected]  
From: Stefan Kaltenbrunner <[email protected]>
To: Bruce Momjian <[email protected]>
Cc: Magnus Hagander <[email protected]>
Cc: Joshua D. Drake <[email protected]>
Cc: Paul Waring <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?
Date: Sat, 04 May 2013 22:23:14 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>

On 05/04/2013 08:24 PM, Bruce Momjian wrote:
> On Sat, May  4, 2013 at 08:19:38PM +0200, Stefan Kaltenbrunner wrote:
>> hmm pretty sure that browsers are supposed to clear session cookies if
>> they are restarted, otherwise you will create bad security issues.
>> Consider logging in to some site with personal information, close your
>> browser, hand over your laptop to somebody in the family for a quick
>> browsing session and he will automatically log in to whatever site you
>> have been at before...
> 
> Well, if I just go to gmail.com, it certainly knows I am bmomjian.  If I
> go to slashdot.org, it knows I am bmomjian too.  I have to explicitly
> log out if I want to be logged out.

erm - I guess those are using persistent (tracking) cookies (as in you
clicked on "keep me signed in" at one time) vs classic session cookies;
are you proposing we should impose persistent cookies on our users?


Stefan

