Forum OpenACS Q&A: Response to Cookie Expiration Recommendations

Posted by David Walker on
Do both.

Option 1 limits the amount of time a hacker who somehow manages to steal a cookie has to break into your site as well as limiting the ability of someone to sit down at that person's desk and use your site.

Option 2 limits the ability of someone to sit down at that person's desk and start using their logged-in session.

Accomplish option 1 with the following parameters from parameters/site.tcl:
        ns_param SessionTimeout 7200
        ns_param SessionLifetime 10800

and option 2 with this parameter:
        ns_param PersistentLoginDefaultP 0