[Systers-dev] Fwd: cookies and sessions

[Sarah Mei]

On Sat, Jul 4, 2009 at 1:39 PM, Robin Jeffries<robin at jeffries.org> wrote:
> Based on the various discussions here, I'm coming to the conclusion that an
> openid signon, where systers is the provider for all systers apps, but no
> others, will give us the best security, the least amount of implementation
> hassle, and the best usability we can get short of no-siginon.

I agree. The cookie timeout can be changed pretty easily, so it's not
necessary to definitively decide right now when the cookie should
expire.