Remember Me - How long should be the duration
Just saw a site which said "Remember me for 开发者_开发问答3 weeks". Some of the email sites like Yahoo or Gmail offer 2 - 3 weeks as this duration. What would be an apt duration for a site which will be predominantly used by children ?
It depends on what you are protecting. The tradeoff, as you aware is between security and making life easy for users.
If this site doesn't contain sensitive data, and the user is on a home pc, it may make sense to set it to a very long time to make it easy for the child.
If the site contains sensitive information, say a bullying reporting site, it may make sense to protect the logon a bit more strongly.
精彩评论