by wruza 429 days ago
If one doesn't want to regenerate passwords, don't log people out. The only reason this "workflow" works is that email sessions work for years, sometimes decades, without nagging users to re-login.

Sites, do yourself a favor and store active sessions indefinitely and the only password-dealing scenario you'll ever see will be (1) at sign up, once per user, (2) when users clear cookies, which the login-problematic types rarely do for obvious reasons.

95% of my family password support is the sites that log them out on their own.

Edit: grammar/pronouns