I'm using standard HTTP transient cookies (that is, cookies without a max-age/expire parameters, that expire after the user closes the browser) to track users session.
This solution works good, and easy to implement, but doesn't handle the case where a user "never" closes his browser (for example a user that always put his computer in standby without closing the browser), and the transient cookie doesn't expire.
I know that in HTTP standard there isn't a way to force a transient cookie to expire when the user closes his browser OR after a specified timespan (example: six hours). Is there a sort of "best practice" to handle the expiration of a transient cookie after X minutes/hours/day?
Aucun commentaire:
Enregistrer un commentaire