moderated Re: Update login expiration on site visit #suggestion


Toby Kraft
 

Shal,
You mean the two-factor authentication that would never be invoked because the auto renewing cookie would prevent the password prompt from ever displaying????

That's exactly why the cookie expires. So that at some point in time the user proves he/she is who he/she says they are, by entering a password or via the 2 factor auth.  The time that Mark has implemented is 30 days which is generous and not onerous.

I agree it is not a big risk but I think we're beating a dead horse here and should let this discussion fade away....

Toby

Join main@beta.groups.io to automatically receive all group messages.