python consumer, checking authentications
Supercharged
vkusnaya at gmail.com
Tue Mar 13 03:58:14 PST 2007
Is it okay to keep user signed in for two weeks? Otherwise what
openid_mode and which parameters should I use to authenticate user at
the next session? I want my users to be able to keep auth status for
longer period of time, not just one session. And I don't want to
bother them with authentications each time they want a new session
(each time they close and open browser window).
On 3/13/07, Kevin Jardine <kevin at radagast.biz> wrote:
> >
> > But this is problematic... if the user logs out of their IDP we should
> > invalidate the session cookie, right?
>
> There are much more experienced OpenID gurus on the list, but I would
> think that the answer to this would be no, in general. The purpose of an
> IDP is to verify an identity (and perhaps to transfer some initial
> profile data). Once that is done, a session can be kept open for as long
> as the user and client application feels comfortable doing so, quite
> independently of the IDP.
>
> Cheers,
> Kevin
>
>
> --
> Kevin Jardine
> Radagast Solutions
>
> Internet campaign advice and magic
> http://radagast.biz
>
> YIM: kevinjardine
> Skype: kevinjardine
> Eml: kevin at radagast.biz
> Tel: +31 (0)6 25581608
>
> _______________________________________________
> Dev mailing list
> Dev at lists.openidenabled.com
> http://lists.openidenabled.com/mailman/listinfo/dev
>
More information about the Dev
mailing list