set a longer expiry on bakery cookies for d.o

seanr - October 30, 2009 - 15:03
Project: Drupal.org webmasters
Component: User account problem
Category: task
Priority: normal
Assigned: Unassigned
Status: active
Description

I administer dozens of Drupal sites and all seem to keep my session active for at least a couple weeks without having to log back in. Drupal.org's cookies, however, never seem to last more than a day. I have to log back in nearly every day. The expiration date appears to be set for ~24 days in the future, but the cookies literally _never_ last that long. I've got the same problem in Firefox and Chrome (though I notice it far more in Chrome since I use it the most). All of my other sites' cookies work fine.

#1

Gerhard Killesreiter - October 30, 2009 - 15:24

This is because the bakery cookie is limited to 12 hours time.

We figured a serious Drupal user would visit d.o at least once every 12 hours.

#2

seanr - November 4, 2009 - 22:19

LOL, cute. Love the CHOCOLATECHIP cookie d.o sets, too, BTW. Any ideas for a fix, though?

#3

Gerhard Killesreiter - November 4, 2009 - 22:59

It's not broken, this is a config issue. We decided 12h would be enough.

#4

kiamlaluno - November 5, 2009 - 09:44

Could the setting be changed based on this report?

#5

Gerhard Killesreiter - November 5, 2009 - 09:48

In principle yes.

#6

kiamlaluno - November 5, 2009 - 10:17

I think that 24-48 hours would be a valid value, if there are no other reasons not to increase it.
Clearly, 24 days is too much, IMO.

#7

maragnis - November 5, 2009 - 13:10

I also vote for at least 48 hours. 12 hours seems a bit too short especially if you're not doing Drupal work full time.

If there were some serious transactions going on through this site, like buying goods or moving money, I can see a justification for keeping it short. Since this is mostly an informational site, we should be able to keep it longer.

#8

litwol - November 6, 2009 - 17:51

#3 based on what conversation?

Many have expressed their interest in keeping the session alive longer than 12h, especially if you consider weekends. A 2-3 day long session to account for weekends would be a perfect solution imho (and others).

#9

stephthegeek - November 7, 2009 - 06:12

Ditto, the 12h thing is seriously annoying to me. I also use three different computers, usually not on the same day. I'd be highly in favour of 2-3 days.

#10

kiamlaluno - November 7, 2009 - 10:01

I think that a possible value could range from 2 to 5 days. Especially on weekends, 2 days can be too restrictive a value.
I don't know if there are some cons in increasing the value so much; I don't see any reason to not do it, but probably somebody could find a reason to not increase the value.

#11

-Anti- - November 7, 2009 - 10:38

Can anyone explain why the login cookies don't last for many weeks, like virtually every other site on the internet?
Exactly what advantage is there to anyone, to have to login every 12 hours?
If I understood why I had to login every time, maybe I wouldn't feel so pissed off about it?

Also, virtually 99% of all other websites allow you to over-ride the default setting with a 'remember me' checkbox.
Is there a good reason Drupal doesn't provide one of these in core? Is there a good reason Dorg doesn't use a module?
Would this be a solution: keep the default at 12 hours, but provide a box for those needing longer?

Cheers.

#12

VM - November 8, 2009 - 19:36
Category: bug report » feature request

Queue clean up

Moving to feature request.

Can anyone explain why the login cookies don't last for many weeks, like virtually every other site on the internet?

One example of why long session lifetimes can be an issue;
I login to d.o. at work on a company machine while eating lunch. I forget to logout and the session doesn't die when the browser is closed. Anyone else who sits at this machine now has access to my d.o account or any account on any site I'm logged into with extended sessions.

#13

litwol - November 14, 2009 - 19:37

I was just hit with this annoying behavior *again* both Friday and Saturday. Just how many votes does it take to change this behavior?

#14

kiamlaluno - November 14, 2009 - 22:45

I think that is not just a problem to increase the lifetime of the sessions; as VeryMisunderstood reported (and I agree with him), long sessions could be a problem for somebody, or in some cases.

Rather than changing the sessions lifetime, it would be useful to allow to the users to decide if they want a longer session, as it is only the users who know from which computer they are connected.
In the situation as described from VeryMisunderstood, also 12 hours could be too much; differently, in my situation, 24-48 hours would be a good value, especially because I use only the computer I have at home, and nobody else uses my computer (and therefore, nobody can write something on Drupal.org using my account). Other people can have different needs, and probably there isn't a value for which everybody agrees.

#15

-Anti- - November 15, 2009 - 13:21

Virtually every other website on the internet has no session retention, unless you tick a 'remember me' box which usually lasts for a couple of weeks. If you want the website to forget, you simply log-out. There is a module that provides such a box. I don't understand why Dorg doesn't just use that.

Why is drupal somehow different from nearly every other website on the Net anyway?
It's incredible that the choice of providing a 'remember me' box isn't in core!

Anyway, the way it is now, you could still forget to log-out and for the REST OF THE DAY someone else can login as you, so I don't see how the particular issue of forgetting to log out is solved by a 12-24 hour session retention? It seems a pretty weak reason for forcing thousands of people to login to Dorg every single day.

Maybe there is another reason? As I said, the most frustrating thing about this isn't the actually logging in itself; it is not understanding *why* you're being forced to login everyday.

#16

litwol - November 15, 2009 - 18:28

I have a desire to expand on the topic of "Some people's forgetfulness should not penalize others"; however, I think you get the point.

This is a religious battle of opinions. I fear rationalization will not help here and we have to come up with a different approach.

An idea mentioned above of "remember me" checkbox satisfies both camps, those that wish to use it and those that do not.

The million dollar question is: How do we proceed and will this solution be accepted on d.o?

#17

litwol - November 15, 2009 - 18:32
Component: Other » User account problem
Category: feature request » task

Setting appropriate issue status in order to gain attention from webmasters to pass the judgement.

I am seeking constructive suggestion/steps which must be taken in order to get this feature to d.o. (ex: write patch, find testers, who to talk to, etc etc)

#18

greggles - November 15, 2009 - 19:50
Title: drupal.org session cookies don't ever seem to last more than a day or two » set a longer expiry on bakery cookies for d.o

A more accurate title. Also, the person to make the final call here is probably Killes and he is on vacation until January. So, new comments before then are likely pointless.

#19

Gerhard Killesreiter - November 21, 2009 - 09:23

I am not yet on vacation. I am not opposed to increasing the time. How about 3 days?

#20

-Anti- - November 21, 2009 - 10:31

Just to clarify my perspective, I'm actually against simply raising the session retention. I feel it would be better to have a very low session retention by default for the reasons stated (eg. forgetting to log out on a shared computer), but then to provide a 'remember me' box, for those that want to use it, set to something reasonable (such as 48 to 36 hours, although two weeks would be fine for my personal taste).

I should also mention that for the last few months Firefox has had a problem with my Dorg saved password. I thought it was Dorg making me type my name and password in each day, but in fact once I had deleted a malformed, duplicate entry in my saved passwords list, Firefox now fills in the form automatically. That goes a long way to solving my personal annoyance, as now I just have to click the login button.

#21

kiamlaluno - November 21, 2009 - 11:50

3 days is fine, IMO.

To increase the cookies expiration should be done until Drupal.org doesn't implement a way to allow to users to decide how long the session cookies should last (if such feature will ever be implemented).

#22

Gerhard Killesreiter - November 21, 2009 - 13:08

I've set it to 3 days on d.o. The webmasters of the slave sites need to do so as well in order to be effective.

#23

greggles - November 21, 2009 - 14:46

Groups is updated to 259200 seconds.
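
Comments #22 and #23 note that every site sharing the login cookie has to raise its own limit before the change takes effect. A simplified model of why, as an added example that is not part of the thread and not the Bakery module's code: the cookie format, key, site names ("subsite" stands for what the thread calls a slave site) and function names are assumptions.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # constructed; stands in for the secret all sites share
TWELVE_HOURS = 12 * 3600              # 43200 s, the old limit from comment #1
THREE_DAYS = 3 * 24 * 3600            # 259200 s, the value reported in comment #23


def _sign(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username: str, issued_at: int, key: bytes = SHARED_KEY) -> str:
    """Build 'username|issued_at|signature' (hypothetical format)."""
    payload = f"{username}|{issued_at}"
    return f"{payload}|{_sign(payload, key)}"


def accept_cookie(cookie: str, now: int, max_age: int, key: bytes = SHARED_KEY):
    """Return the username if the signature verifies and the cookie is fresh, else None."""
    try:
        username, issued_raw, sig = cookie.rsplit("|", 2)
        issued_at = int(issued_raw)
    except ValueError:
        return None  # malformed cookie
    expected = _sign(f"{username}|{issued_raw}", key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # tampered with, or signed with another key
    age = now - issued_at
    if age < 0 or age > max_age:
        return None  # issued in the future, or older than this site allows
    return username


def still_logged_in(hours_since_login: int, site_limits: dict) -> dict:
    """Map each site to whether it still accepts a cookie issued at login."""
    issued = 1_258_800_000  # constructed timestamp
    cookie = issue_cookie("demo_user", issued)
    now = issued + hours_since_login * 3600
    return {site: accept_cookie(cookie, now, limit) is not None
            for site, limit in site_limits.items()}


if __name__ == "__main__":
    # One day after login: main site raised to 3 days, subsite still on 12 hours.
    print(still_logged_in(24, {"main": THREE_DAYS, "subsite": TWELVE_HOURS}))
    print(still_logged_in(24, {"main": THREE_DAYS, "subsite": THREE_DAYS}))
```

Because each site checks the cookie's age against its own limit, the shortest limit among the sites a user visits decides how long the shared login actually lasts.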
