Max Semenik wrote:
I propose to raise the default ($wgCookieExpiration)
at least to 90
days from current 30.
What's the reason for having the cookie expire at all (or expire in any
reasonable timeframe)? I'm not sure I see what security benefits any expiry
provides (much less a 30-day one) given the rampant use of password stores
in browsers.
Another option would be to add a user preference for cookie expiry, but
suggesting the addition of new user preferences usually activates the Aryeh
rage machine. :-)
MZMcBride