Forum OpenACS Development: Re: Session expiration

2: Re: Session expiration (response to 1)
Posted by Enrique Catalan on

In OpenACS HEAD, LoginTimeOut doesn't seem to work well. SessionTimeOut works ok though as well as SessionRenew and SessionSweepInterval

According to , The definition of Persistent Login is to login the user forever. Do you think would be a good idea to use a parameter to expire the persistent login? (for example, use SessionLifeTime? ). gmail seems to have 2-week-persistent login policy and in OpenACS SessionLifeTime is 1 week by default.

One more question is, Is there any reason why the values of cookies are not encrypted ?

We're working on a patch to fix the LoginTimeOut issue and improve the SessionTimeOut showing a feedback message to the user. However, I'd like to know if you're ok if we check SessionLifeTime to expire the persistent-login or have better ideas?