So... if a user has a cookie life of 0.5 hours, and stays online beyond that, but doesn't do anything that asks for the cookie (such as hanging out in a Forum), then it might be possible that the user would be asked for a fresh login if the user causes a cookie "challenge" after the 0.5 hour TTL?
I've oversimplified the situation... I'm trying to decide if the security of short-life cookies outweighs the user satisfaction benefits created by longer-lived cookies and single sign-on configurations.
Alan Frayer
Don't just read the news - make the news!
Your World News - http://yourworldnews.frayernet.com