From: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Paul Waring <paul(at)xk7(dot)net>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: Can we change auto-logout timing on wiki.postgresql.org? |
Date: | 2013-05-04 18:19:38 |
Message-ID: | 5185513A.0@kaltenbrunner.cc |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On 05/04/2013 08:08 PM, Bruce Momjian wrote:
> On Sat, May 4, 2013 at 07:44:20PM +0200, Stefan Kaltenbrunner wrote:
>> [...]
>>> I decided to look into this again and I see my preferences aren't set
>>> for me to get emails for changes on my watch list:
>>>
>>> E-mail me when a page on my watchlist is changed
>>>
>>> I am not sure of the value of a watch list if you don't get email
>>> notifications. If I try to enable that and save, I get a failure:
>>>
>>> There was either an authentication database error or you are not
>>> allowed to update your external account.
>>
>> hmm thanks for the report - that seems to be a (fairly) recently
>> introduced buglet in our custom authentication backend, it should
>> however not have resulted in any lost functionality just the above error
>> message. Should be fixed now anyway.
>
> OK, I was now able to add email notification for watch list changes.
> Let's see if I get any email when someone modifies something. It might
> take a few weeks before I would know.
hmm weird - afaiks the error message should have been cosmetic only, are
you saying that it seems to have actually prevented the notifications?
>
>>> I am not sure when that setting was changed, but I certainly didn't do
>>> it. I bet that is why I don't get wiki change notifications. Does
>>> anyone else get notifications?
>>
>> I do ;)
>
> Oh, that's interesting. Did you have those buttons checked in your
> preferences? I did not.
yeah i had them (but I'm pretty sure I had manually checked them)
>>>> the ~20min is not a MW default, it is one from debian about cleaning up
>>>> session data (again a protection machanism, http is stateless and you
>>>> don't get a "user logged off" thingy in general so we need to remove
>>>> session data in some interval to not end up with millions of session files).
>>>> And yes as said above - we have speculated only so far on what exactly
>>>> the session timeout mechanics are and if the settings we are currently
>>>> dealing with actually control what people complain about - I'm still not
>>>> sure if you are saying it does or not?
>>>
>>> I have no idea.
>>
>> hmm not sure I get that - if you restart your browser daily how are the
>> session cookies even get preserved, or do you use one of these "restore
>> session" features?
>
> Uh, well, I have the TODO list as one of my default startup tabs. Most
> websites can still use old cookies on a browser restart, e.g. Gmail,
> Slashdot.
hmm pretty sure that browsers are supposed to clear session cookies if
they are restarted otherwise you will create bad security issues.
Consider logging in to a some site with personal information, close your
browser hand over your laptop to somebody in the family for a quick
browsing session and he will automatically log in to whatever site you
been at before...
Stefan
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2013-05-04 18:24:19 | Re: Can we change auto-logout timing on wiki.postgresql.org? |
Previous Message | Bruce Momjian | 2013-05-04 18:12:31 | Re: Can we change auto-logout timing on wiki.postgresql.org? |