Re: Can we change auto-logout timing on wiki.postgresql.org?

On Sat, May 4, 2013 at 7:19 PM, Stefan Kaltenbrunner
<stefan(at)kaltenbrunner(dot)cc> wrote:
> hmm pretty sure that browsers are supposed to clear session cookies if
> they are restarted otherwise you will create bad security issues.
> Consider logging in to a some site with personal information, close your
> browser hand over your laptop to somebody in the family for a quick
> browsing session and he will automatically log in to whatever site you
> been at before...

What is this "close your browser"? Are you sure you know when you
close your browser? What about background tasks that might keep the
browser process running even with no windows? And just because you
want Gmail open why does that mean you want to keep credentials for
Facebook and Amazon loaded? Or does it happen when you close the
window? What if there were other windows or if some other site had an
iframe on the web site you're trying to close that you didn't even
know about? When do you "close your browser" on your phone?

Now that the web is more of an application platform each application
needs to think about when it wants the credentials or other local data
it uses to expire and arrange for it to happen as desired. Depending
on a concept like "close the browser" means not really knowing when it
will happen.

--
greg