From: Gergő Tisza Date: Tue, 15 Nov 2016 02:51:31 +0000 (+0000) Subject: Reduce default cookie expiration time to 30 days X-Git-Tag: 1.31.0-rc.0~4847^2 X-Git-Url: http://git.cyclocoop.org/data/Luca_Pacioli_%28Gemaelde%29.jpeg?a=commitdiff_plain;h=cb58676cfb4c46d1ead641d8c59b3d6bb9c96104;p=lhc%2Fweb%2Fwiklou.git Reduce default cookie expiration time to 30 days Cookie expiration time was increased to 180 day in 7d7ebfc to make logins last longer. Since 16cea35 made login cookie length separately configurable, this setting does not make much sense anymore and should be restored to a more privacy-friendly default. Change-Id: Ia2d200a20c4954fa7cd50197f44471e98061a425 --- diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index 6c5380942b..9b02136b1e 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -6,6 +6,8 @@ MediaWiki 1.29 is an alpha-quality branch and is not recommended for use in production. === Configuration changes in 1.29 === +* Default cookie expiration time has been reduced to 30 days. Login cookie expiration time is + kept at 180 days. === New features in 1.29 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 0b0016c8b1..7f5b447791 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -5864,7 +5864,7 @@ $wgProxyList = []; /** * Default cookie lifetime, in seconds. Setting to 0 makes all cookies session-only. */ -$wgCookieExpiration = 180 * 86400; +$wgCookieExpiration = 30 * 86400; /** * Default login cookie lifetime, in seconds. Setting @@ -5872,7 +5872,7 @@ $wgCookieExpiration = 180 * 86400; * calculate the cookie lifetime. As with $wgCookieExpiration, 0 will make * login cookies session-only. */ -$wgExtendedLoginCookieExpiration = null; +$wgExtendedLoginCookieExpiration = 180 * 86400; /** * Set to set an explicit domain on the login cookies eg, "justthis.domain.org"