I patched the session garbage collection recently to let sessions remain round for 24 hours (I think) and it's working great. But I'm thinking of changing it to use a second "remember me" cookie instead. This way garbage collection can still run (original default was 24 minutes, but I'd like to push it to an hour possibly) and people don't get logged out. Well they do, but then they're auto logged in.
The second "remember me " cookie would work just like the current one but expire at the end of the browser session.
So the question is: Is everyone happy with the current "fix" which still times a user out after 24 hours regardless, or would it be more user friendly to have (as far as the user sees) the session time out when the browser closes?
Hambrook
commented
12 years ago
I patched the session garbage collection recently to let sessions remain round for 24 hours (I think) and it's working great. But I'm thinking of changing it to use a second "remember me" cookie instead. This way garbage collection can still run (original default was 24 minutes, but I'd like to push it to an hour possibly) and people don't get logged out. Well they do, but then they're auto logged in.
The second "remember me " cookie would work just like the current one but expire at the end of the browser session.
So the question is: Is everyone happy with the current "fix" which still times a user out after 24 hours regardless, or would it be more user friendly to have (as far as the user sees) the session time out when the browser closes?