It looks like sessions never expire. In itself that's not bad, but because it's tied to a cookie, it feels like my old old old computer browser can give access to my old old old session. An end-user has no control over their user session, so ideally some kind of 'remove old sessions' should be needed?
I haven't tested/tried this, so i might easily be wrong :)
It looks like sessions never expire. In itself that's not bad, but because it's tied to a cookie, it feels like my old old old computer browser can give access to my old old old session. An end-user has no control over their user session, so ideally some kind of 'remove old sessions' should be needed?
I haven't tested/tried this, so i might easily be wrong :)