Open gregdizzia opened 10 years ago
I've set the max expiration time to a day now. For security reasons, it will log you out if you log in from another IP. Will look into the security concerns of letting people stay signed in indefinitely.
If we allow indefinite sign in, we would definitely need a way to disconnect arbitrary sessions, for example: https://www.facebook.com/settings?tab=security§ion=sessions
It would be nice to tick a box in the settings that kept you signed in for an extended period of time (until logout) on that machine.
Or maybe even just have the cookie valid for two or so hours, refreshing on session activity.