Max Semenik wrote:
I propose to raise the default ($wgCookieExpiration) at least to 90 days from current 30.
What's the reason for having the cookie expire at all (or expire in any reasonable timeframe)? I'm not sure I see what security benefits any expiry provides (much less a 30-day one) given the rampant use of password stores in browsers.
Another option would be to add a user preference for cookie expiry, but suggesting the addition of new user preferences usually activates the Aryeh rage machine. :-)
MZMcBride