[ic] long-lived sessions/carts?
Grant
emailgrant at gmail.com
Fri Feb 17 17:55:04 UTC 2012
>> I'm currently expiring sessions after 2 days:
>>
>> find /cat/tmp -type f -mtime +2 | xargs --no-run-if-empty rm && find
>> /cat/tmp -depth -type d -empty -mtime +2 | xargs --no-run-if-empty
>> rmdir && find /cat/session -type f -mtime +2 | xargs --no-run-if-empty
>> rm && find /cat/session -depth -type d -empty -mtime +2 | xargs
>> --no-run-if-empty rmdir
>>
>> Has anyone tried waiting much longer than that? Maybe 30, 60, or even
>> 90 days? When I'm shopping online, I've noticed it's nice to add
>> something to my cart and come back much later to find the item still
>> in there without having to create an account.
>>
>> - Grant
>>
>> _______________________________________________
>> interchange-users mailing list
>> interchange-users at icdevgroup.org
>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>>
>
> It's obviously a tradeoff with security. Personally, I don't like to
> keep session open for more than a day. In some cases where I give users
> the ability to edit content, I don't keep the sessions for more than a
> couple hours. Maybe when they save a cart, you can send them an email
> with a unique key that will expire for that longer time?
> Rick
Hi Rick, so security is a consideration because an attacker could
guess IP addresses and session keys in order to gain access to someone
else's session? Is there anything sensitive kept in a
typical/standard IC session besides shipping and billing address?
- Grant
More information about the interchange-users
mailing list