authorbwarsaw2000-07-20 20:04:13 +0000
committerbwarsaw2000-07-20 20:04:13 +0000
commitb75122ba45daaee5eed59df7eb38dde7fb7d1a04 (patch)
tree4d9e53aba77c98a58b7f5d19a4c11c638acc6bdd /Mailman
parentbe8a2c38ea8fefdf483ea9688c2c9edbbd9e7e16 (diff)
ADMIN_COOKIE_LIFE now defaults to 0. This means Mailman will now use
session cookies instead of persistent cookies for admin authentication (i.e. the cookie expires when the browser exits).
Diffstat (limited to 'Mailman')
-rw-r--r--Mailman/Defaults.py.in9
1 files changed, 6 insertions, 3 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 4878e4b45..27a52c0fc 100644
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -369,9 +369,12 @@ LIKELY_BOUNCE_SENDERS = ('daemon', 'mailer-daemon', 'postmaster',
# General time limits
#####
-# How long should the cookie authorizing administrative changes via the admin
-# cgi last before it needs to be reauthenticated?
-ADMIN_COOKIE_LIFE = hours(3)
+# Authentication cookie control. When set to 0, Mailman's admin cookie
+# expires at the end of your session. This is preferred for security reasons,
+# and to avoid potential problems with incorrect clock and timezone settings.
+# Set this to a value > 0 to use persistent admin cookies with a lifetime of
+# that number of seconds.
+ADMIN_COOKIE_LIFE = 0
# How long should subscriptions requests await confirmation before being
# dropped?
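Review bot: The new comment above `ADMIN_COOKIE_LIFE = 0` calls the session cookie the preferred choice for security, but it does not say that 0 removes the only time limit visible here. The old default expired the admin cookie after `hours(3)`, whereas a session cookie lasts as long as the browser keeps it, which on a long-running or session-restoring browser can be far longer. Whether the code that validates the cookie enforces its own maximum age is not shown in this hunk, so that should be confirmed before relying on the new default. I would extend the comment with something like `# Note: with 0 no time limit applies; the cookie stays valid until the browser discards it, so close the browser on shared machines.` Assuming the `hours()` helper used by the old default is still defined in this file, the comment could also point to it for non-zero values, e.g. `ADMIN_COOKIE_LIFE = hours(3)`.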