From 5141c0ce95229123b284bbcae0d49bb4ee371692 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Thu, 18 Aug 2011 15:57:15 +0300
Subject: [PATCH] change session duration from four hours to 1 week.  related
 to issue #74

---
 browserid/app.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/browserid/app.js b/browserid/app.js
index e7b2d380b..903b52cb8 100644
--- a/browserid/app.js
+++ b/browserid/app.js
@@ -166,11 +166,13 @@ exports.setup = function(server) {
     secret: COOKIE_SECRET,
     key: COOKIE_KEY,
     cookie: {
-        path: '/',
-        httpOnly: true,
-        maxAge: 14400000,
-        secure: overSSL
-      }
+      path: '/',
+      httpOnly: true,
+      // IMPORTANT: we allow users to go 1 weeks on the same device
+      // without entering their password again
+      maxAge: (7 * 24 * 60 * 60 * 1000), 
+      secure: overSSL
+    }
   });
 
   // cookie sessions
-- 
GitLab