From cb58676cfb4c46d1ead641d8c59b3d6bb9c96104 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Gerg=C5=91=20Tisza?= Date: Tue, 15 Nov 2016 02:51:31 +0000 Subject: [PATCH] Reduce default cookie expiration time to 30 days Cookie expiration time was increased to 180 day in 7d7ebfc to make logins last longer. Since 16cea35 made login cookie length separately configurable, this setting does not make much sense anymore and should be restored to a more privacy-friendly default. Change-Id: Ia2d200a20c4954fa7cd50197f44471e98061a425 --- RELEASE-NOTES-1.29 | 2 ++ includes/DefaultSettings.php | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index 6c5380942b..9b02136b1e 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -6,6 +6,8 @@ MediaWiki 1.29 is an alpha-quality branch and is not recommended for use in production. === Configuration changes in 1.29 === +* Default cookie expiration time has been reduced to 30 days. Login cookie expiration time is + kept at 180 days. === New features in 1.29 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 0b0016c8b1..7f5b447791 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -5864,7 +5864,7 @@ $wgProxyList = []; /** * Default cookie lifetime, in seconds. Setting to 0 makes all cookies session-only. */ -$wgCookieExpiration = 180 * 86400; +$wgCookieExpiration = 30 * 86400; /** * Default login cookie lifetime, in seconds. Setting @@ -5872,7 +5872,7 @@ $wgCookieExpiration = 180 * 86400; * calculate the cookie lifetime. As with $wgCookieExpiration, 0 will make * login cookies session-only. */ -$wgExtendedLoginCookieExpiration = null; +$wgExtendedLoginCookieExpiration = 180 * 86400; /** * Set to set an explicit domain on the login cookies eg, "justthis.domain.org" -- 2.20.1