Re: Can we change auto-logout timing on wiki.postgresql.org? - Mailing list pgsql-www
| From | Stefan Kaltenbrunner |
|---|---|
| Subject | Re: Can we change auto-logout timing on wiki.postgresql.org? |
| Date | |
| Msg-id | 5185513A.0@kaltenbrunner.cc Whole thread Raw |
| In response to | Re: Can we change auto-logout timing on wiki.postgresql.org? (Bruce Momjian <bruce@momjian.us>) |
| Responses |
Re: Can we change auto-logout timing on
wiki.postgresql.org?
Re: Can we change auto-logout timing on wiki.postgresql.org? |
| List | pgsql-www |
On 05/04/2013 08:08 PM, Bruce Momjian wrote: > On Sat, May 4, 2013 at 07:44:20PM +0200, Stefan Kaltenbrunner wrote: >> [...] >>> I decided to look into this again and I see my preferences aren't set >>> for me to get emails for changes on my watch list: >>> >>> E-mail me when a page on my watchlist is changed >>> >>> I am not sure of the value of a watch list if you don't get email >>> notifications. If I try to enable that and save, I get a failure: >>> >>> There was either an authentication database error or you are not >>> allowed to update your external account. >> >> hmm thanks for the report - that seems to be a (fairly) recently >> introduced buglet in our custom authentication backend, it should >> however not have resulted in any lost functionality just the above error >> message. Should be fixed now anyway. > > OK, I was now able to add email notification for watch list changes. > Let's see if I get any email when someone modifies something. It might > take a few weeks before I would know. hmm weird - afaiks the error message should have been cosmetic only, are you saying that it seems to have actually prevented the notifications? > >>> I am not sure when that setting was changed, but I certainly didn't do >>> it. I bet that is why I don't get wiki change notifications. Does >>> anyone else get notifications? >> >> I do ;) > > Oh, that's interesting. Did you have those buttons checked in your > preferences? I did not. yeah i had them (but I'm pretty sure I had manually checked them) >>>> the ~20min is not a MW default, it is one from debian about cleaning up >>>> session data (again a protection machanism, http is stateless and you >>>> don't get a "user logged off" thingy in general so we need to remove >>>> session data in some interval to not end up with millions of session files). >>>> And yes as said above - we have speculated only so far on what exactly >>>> the session timeout mechanics are and if the settings we are currently >>>> dealing with actually control what people complain about - I'm still not >>>> sure if you are saying it does or not? >>> >>> I have no idea. >> >> hmm not sure I get that - if you restart your browser daily how are the >> session cookies even get preserved, or do you use one of these "restore >> session" features? > > Uh, well, I have the TODO list as one of my default startup tabs. Most > websites can still use old cookies on a browser restart, e.g. Gmail, > Slashdot. hmm pretty sure that browsers are supposed to clear session cookies if they are restarted otherwise you will create bad security issues. Consider logging in to a some site with personal information, close your browser hand over your laptop to somebody in the family for a quick browsing session and he will automatically log in to whatever site you been at before... Stefan