You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Let's take a site with 15 mins session cookie timeout as an example.
Here's what happens:
Bob gets a session.
Bot interacts with the site without modifying the session. He does not get any cookie renewal because of that.
After 15 minutes, Bob's cookie expires and he is kicked off.
Using rolling: true seems to prevent this (but resubmits whole session to db each time, not optimized).
But... the behavior is kind of strange, it seems natural that we don't want to kick out Bob while he's browsing the site. Maybe make session time-out on inactivity period by default?
The text was updated successfully, but these errors were encountered:
Let's take a site with 15 mins session cookie timeout as an example.
Here's what happens:
Using
rolling: true
seems to prevent this (but resubmits whole session to db each time, not optimized).But... the behavior is kind of strange, it seems natural that we don't want to kick out Bob while he's browsing the site. Maybe make session time-out on inactivity period by default?
The text was updated successfully, but these errors were encountered: