Date: Sat, 04 May 2013 22:23:14 +0200
From: Stefan Kaltenbrunner
To: Bruce Momjian
CC: Magnus Hagander, "Joshua D. Drake", Paul Waring, PostgreSQL WWW
Subject: Re: Can we change auto-logout timing on wiki.postgresql.org?

On 05/04/2013 08:24 PM, Bruce Momjian wrote:
> On Sat, May 4, 2013 at 08:19:38PM +0200, Stefan Kaltenbrunner wrote:
>> hmm pretty sure that browsers are supposed to clear session cookies if
>> they are restarted otherwise you will create bad security issues.
>> Consider logging in to some site with personal information, close your
>> browser hand over your laptop to somebody in the family for a quick
>> browsing session and he will automatically log in to whatever site you've
>> been at before...
>
> Well, if I just go to gmail.com, it certainly knows I am bmomjian. If I
> go to slashdot.org, it knows I am bmomjian too. I have to explicitly
> log out if I want to be logged out.

erm - I guess those are using persistent (tracking) cookies (as in you
clicked on "keep me signed in" at one time) vs classic session cookies,
are you proposing we should impose persistent cookies on our users?

Stefan
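
The session-versus-persistent distinction in this message comes down to whether a Set-Cookie header carries an Expires or Max-Age attribute. The following Python code is an added example, not part of the original message; the cookie names, values and reference time are constructed. It classifies headers on that basis so a site's login cookies can be audited:

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed Set-Cookie values; cookie names and values are illustrative only.
SAMPLE_HEADERS = [
    "wiki_session=abc123; Path=/; Secure; HttpOnly",
    "wiki_remember=tok1; Expires=Mon, 03 Jun 2013 20:23:14 GMT; Path=/; Secure",
    "wiki_prefs=dark; Max-Age=2592000; Path=/",
    "wiki_old=x; Max-Age=0; Path=/",
]


def classify(header, now):
    """Map each cookie in one Set-Cookie value to 'session', 'persistent' or 'expired'."""
    jar = SimpleCookie()
    jar.load(header)
    kinds = {}
    for name, morsel in jar.items():
        max_age, expires = morsel["max-age"], morsel["expires"]
        if max_age:
            # Max-Age wins over Expires when both are present (RFC 6265, 5.3).
            kinds[name] = "persistent" if int(max_age) > 0 else "expired"
        elif expires:
            when = parsedate_to_datetime(expires)
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            kinds[name] = "persistent" if when > now else "expired"
        else:
            # No lifetime attribute: kept only until the browser session ends.
            kinds[name] = "session"
    return kinds


def audit(headers, now):
    """Classify every header; return {cookie_name: kind}."""
    report = {}
    for header in headers:
        report.update(classify(header, now))
    return report


if __name__ == "__main__":
    # Fixed reference time (the date of the message) so the output is reproducible.
    now = datetime(2013, 5, 4, 20, 23, 14, tzinfo=timezone.utc)
    for name, kind in audit(SAMPLE_HEADERS, now).items():
        print(f"{name}: {kind}")
```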