Forum OpenACS Q&A: Response to Cookie Expiration Recommendations

Posted by Jonathan Ellis on
finally, the reason that it's ok that session_id expires after N seconds (rather than on browser close) is that sec_read_security_info requires both session_id and user_login cookies to be set.  the later is only set if user says "save this info on my computer."