On 04/27/2013 08:55 AM, Joshua D. Drake wrote:
>
> On 04/26/2013 11:39 PM, Stefan Kaltenbrunner wrote:
>
>> interesting hint - thanks.
>>
>> I have now increased the relevant timeouts to 6h - lets see how that
>> goes..
>
> FTR, I don't think we should autologout people or at least it should be
> set to something like 7D.
well from a security perspective it is usually advisable to keep session
lifetimes as short as possible, I agree that the current setup was way
to aggressive, but 6h already results in a 6-15x increase of what we had
before. We can always adjust upwards if we people are really working 6h+
on an article but lets see first if this change really fixes the issue
berkus complained about.
Stefan