[Phplogcon-dev] logged in via cookie
Brian Shea
bgshea at gmail.com
Tue Dec 6 18:39:37 CET 2005
The timeout can be set for 1 year if they want to stay logged in. If they
are offline for more than 1 year, i doubt they would complain to re-login.
An option can be added to the page to similar to 'remember me' so the user
will stay loged in
On 12/6/05, Michael Meckelein <mmeckelein at hq.adiscon.com> wrote:
>
> Hi Brian,
>
> If I understand the concept of your session handling correctly, it is no
> longer possible to keep the user logged in longer than the browser
> session.
>
> I know it is more insecure remember users via cookie, but this is a
> feature most of the users like. Actually this was one of the 'have to'
> features as we introduce the user interface.
>
> The user should decide if he wants to use cookies for remembering or not
> in my opinion. Of course, we should mention in the documentation (and/or
> provide a link to "read about using cookie" or something similar) that
> using cookie can be insecure.
>
> Best Regards,
> Michael
> _______________________________________________
> Phplogcon-dev mailing list
> http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
>
More information about the Phplogcon-dev
mailing list