From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Paul Waring <paul(at)xk7(dot)net>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: Can we change auto-logout timing on wiki.postgresql.org? |
Date: | 2013-05-04 21:43:36 |
Message-ID: | 20130504214336.GA21630@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On Sat, May 4, 2013 at 10:23:14PM +0200, Stefan Kaltenbrunner wrote:
> On 05/04/2013 08:24 PM, Bruce Momjian wrote:
> > On Sat, May 4, 2013 at 08:19:38PM +0200, Stefan Kaltenbrunner wrote:
> >> hmm pretty sure that browsers are supposed to clear session cookies if
> >> they are restarted otherwise you will create bad security issues.
> >> Consider logging in to a some site with personal information, close your
> >> browser hand over your laptop to somebody in the family for a quick
> >> browsing session and he will automatically log in to whatever site you
> >> been at before...
> >
> > Well, if I just go to gmail.com, it certainly knows I am bmomjian. If I
> > go to slashdot.org, it knows I am bmomjian too. I have to explicitly
> > log out if I want be logged out.
>
> erm - I guess those are using persistent (tracking) cookies(as in you
> clicked on "keep me signed in" at one time) vs classic session cookies,
> are you proposing we should impose persistent cookies on our users?
I find the use of the word "impose" curious. How do such cookies
"impose"? Is it storage imposition? Security imposition? From a user
perspective, it seems like a feature, not an imposition.
One nice thing our site does is when you click "login", it logs you in
without requiring me to actually see or type the username/password. I
have no idea how we do that, so I suspect there must be some cookie
activity.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
From | Date | Subject | |
---|---|---|---|
Next Message | Jonathan S. Katz | 2013-05-06 18:14:37 | Listing of PUGs Patch |
Previous Message | Stefan Kaltenbrunner | 2013-05-04 20:23:14 | Re: Can we change auto-logout timing on wiki.postgresql.org? |