I really appreciate the very-detailed answer. Thanks for that.
I have to say, with all sincerity, that one of the contributing factors to the huge success of big social media is that they don't require frequent logins. This is a huge factor in the public mind when they consider if they want to stop by for a quick visit.
I have gone months without re-logging in to Facebook (for example) and that fact contributes to my willingness to jump on often.
Many of us are unfortunately competing (either directly or indirectly) with big social media and having "the login barrier" ultimately affects our traffic.
I honestly feel that the cookie lifetime should be left to the discretion of the admins. They can tune the balance between convenience and security according to their application and venue.
So I do make this request for a future update.
It's perfectly fine to default the cookie lifetime to 30 days, but forcing a one-size-fits-all policy on admins is not ideal in my humble opinion.
So please consider this request for a future update.
Thanks again and I really appreciate your time.
