Bug: user gets kicked off

[iliakan]

Let's take a site with 15 mins session cookie timeout as an example.

Here's what happens:

1. Bob gets a session.
2. Bot interacts with the site without modifying the session. He does not get any cookie renewal because of that.
3. After 15 minutes, Bob's cookie expires and he is kicked off.

Using rolling: true seems to prevent this (but resubmits whole session to db each time, not optimized).

But... the behavior is kind of strange, it seems natural that we don't want to kick out Bob while he's browsing the site. Maybe make session time-out on inactivity period by default?

[dead-horse]

maybe we should set a logger exprie time like 1 day. and if Bob clicked _Remember me_, give him a much logger expire time in cookie's setting.

[catamphetamine]

@iliakan Ilya, have a look at my fix for this issue:
#76

[iliakan]

@halt-hammerzeit it's not an issue for me any more, because of rolling:true and resaving session each time.

Maybe this was a question about making the behavior default or pushing it in the docs, cause it's kind of "what we used to want" :)