I finally came to the realization that the time I've spent getting to know the software enough to make the few changes I wanted would be wasted if I didn't do a good reorganization that the code badly needs. Hopefully that will also help us diagnose some of its performance and scalability problems (for example, I've already found that the code as it is now does 14 database queries to display the front page!)
So, I'm refactoring the code and documenting as I go, but I want to get an opinion from not only the tech folks but the list at large about what the login/logout behavior should be.
Question 1: What is the behavior of the "remember password" user option supposed to be? Please don't describe code details--I need to know WHAT it's supposed to do, not HOW (because I'm changing the latter). We already save the user's ID and some settings in a cookie (we have to, to handle prefs), and we delete the cookie when the user explicitly logs out (which is good for security), requiring him to log in and specify his password again. So what's the difference between a user with this setting and a user without it? Do we want to retain the user's password in a cookie even when he logs out? We don't do that currently, so I'm just not clear what the option is supposed to do.
Question 2: What's a reasonable cookie expiration? It's currently a year, but I'm thinking a week or a month might be better for security.
Question 3: Do we "trust" cookies for such issues as sysop access? Some anonymous user could, for example, mock up the cookies of a logged-in sysop and start deleting things. Should we take measures to secure against that, or just be more relaxed and rely on making frequent backups?
wikitech-l@lists.wikimedia.org
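
The cookie-trust concern in Question 3 and the shorter lifetime floated in Question 2, as an added example that is not part of the original post or the project's own code: a check that believes a bare user-ID cookie, next to one that only accepts a cookie carrying a server-side HMAC and an expiry. The cookie name `UserID`, the key, the sysop table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumptions (constructed values): a secret kept only on the server, a
# one-week lifetime, and a server-side table of sysop user IDs.
SERVER_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 7 * 24 * 3600
SYSOPS = {"1"}


def naive_is_sysop(cookies):
    """Trusting form: whatever ID the browser sends is believed."""
    return cookies.get("UserID") in SYSOPS


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user_id, now=None):
    """Return 'user_id|expiry|mac'; the MAC binds the ID to its expiry."""
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}|{issued + MAX_AGE}"
    return f"{payload}|{_mac(payload)}"


def verify_cookie(value, now=None):
    """Return the user ID if the cookie is authentic and unexpired, else None."""
    parts = value.split("|")
    if len(parts) != 3:
        return None
    user_id, expiry, mac = parts
    expected = _mac(f"{user_id}|{expiry}")
    # Constant-time comparison on bytes; rejects any edited ID or expiry.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # The expiry is covered by the MAC, so it is the value the server issued.
    if int(expiry) < int(time.time() if now is None else now):
        return None
    return user_id


def is_sysop(cookie_value, now=None):
    """Privilege is looked up server-side from the verified ID only."""
    return verify_cookie(cookie_value, now) in SYSOPS
```
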