Would it be possible for a user to create a small javascript to replace the default cookie by another one which doesn't expires?
Helder
On Sun, Aug 22, 2010 at 16:20, Max Semenik maxsem.wiki@gmail.com wrote:
I propose to raise the default ($wgCookieExpiration) at least to 90 days from current 30.
This setting was supposed to combat leakage of logged in sessions by making them expire before before an attacker grabs them. However, cookie expiry does little to stop bad guys and annoys good ones:
- Once you've left a public PC without clicking on "log out", your
session is already compromised, even making cookies session-only won't help.
- If nobody looks specifically for your session, they can stumble upon
it accidentally, while browsing the same site as you did. Lowish expiry time can indeed help lessen this possibility, however with Wikipedia's popularity there's pretty solid chance that someone will visit it from a public teminal within hours, not days. Less popular sites are, on the other hand, protected by smaller possibilities of someone looking for them.
- MediaWiki provides no way to adjust preferences without having an
account, so advice "register and set this or that in 'my preferences'" is pretty popular these days. However, the need to log in every month which is mildly annoying for wiki regulars, may have a drastic effect on casual visitors. "You told me to register and when I did, I had to relogin after a couple of visits!!1"
Taking this all into account, I see no reason to keep the current default.
-- Max Semenik ([[User:MaxSem]])
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l