[wp-trac] [WordPress Trac] #32408: Auth cookie expire vs expiration
WordPress Trac
noreply at wordpress.org
Fri May 15 06:06:30 UTC 2015
#32408: Auth cookie expire vs expiration
---------------------------+-----------------------------
Reporter: walkinonwat3r | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.2.2
Severity: normal | Keywords:
Focuses: |
---------------------------+-----------------------------
We have the auth_cookie_expiration filter to extend the validity period of
the cookie, but regardless of the value returned, the user's login always
expires when the session ends, at latest.
Is there a security reason for not using auth_cookie_expiration's value as
the cookie expiration? Or for not having a separate filter for the cookie
expiration?
It seems a bit odd that I can set auth_cookie_expiration to sometime in
2020, but closing my browser will delete the cookie. I took a look at a
couple sites in my bookmarks, and they seem split on this:
- Google + Facebook log you out on session close
- Github + Basecamp keep you logged in
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32408>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list