[ic] long-lived sessions/carts?

Grant emailgrant at gmail.com
Fri Feb 17 17:55:04 UTC 2012

>> I'm currently expiring sessions after 2 days:
>> find /cat/tmp -type f -mtime +2 | xargs --no-run-if-empty rm && find
>> /cat/tmp -depth -type d -empty -mtime +2 | xargs --no-run-if-empty
>> rmdir && find /cat/session -type f -mtime +2 | xargs --no-run-if-empty
>> rm && find /cat/session -depth -type d -empty -mtime +2 | xargs
>> --no-run-if-empty rmdir
>> Has anyone tried waiting much longer than that?  Maybe 30, 60, or even
>> 90 days?  When I'm shopping online, I've noticed it's nice to add
>> something to my cart and come back much later to find the item still
>> in there without having to create an account.
>> - Grant
>> _______________________________________________
>> interchange-users mailing list
>> interchange-users at icdevgroup.org
>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
> It's obviously a tradeoff with security.  Personally, I don't like to
> keep session open for more than a day.  In some cases where I give users
> the ability to edit content, I don't keep the sessions for more than a
> couple hours.   Maybe when they save a cart, you can send them an email
> with a unique key that will expire for that longer time?
> Rick

Hi Rick, so security is a consideration because an attacker could
guess IP addresses and session keys in order to gain access to someone
else's session?  Is there anything sensitive kept in a
typical/standard IC session besides shipping and billing address?

- Grant

More information about the interchange-users mailing list