Conflating state lifetime and logout

[samuelweiler]

What is the benefit to an application in knowing the value of isLoggedIn? My impression is that there's little to no benefit in having that data exposed - the real value here is in two separate pieces:

1. Setting state lifetimes based on some more interesting parameters. You have enumerated a possible set.
2. Telling the browser that it's okay (or advisable or desired) to destroy state - logout.

Should we instead separate those two and not expose the isLoggedIn state directly?

[johnwilander]

This has now been ported to the W3C repo. Please continue the discussion there.