[mmahemoff]

Regarding how long to keep the "remember me" cookie for, this is one of the overlooked reasons why native apps are eating the web's breakfast. When was the last time you have to re-authenticate on a native mobile app?

Maybe it happens on some finance/banking apps, but I don't recall seeing it on apps like Facebook or Kindle for example.

Web developers could, for example, add longer times if the user agent is mobile.

And Troy is spot on about the middle ground of "logged-in-ness". Developers are finally realising what Amazon knew all along, that it's not binary. You can keep the user partially logged in, while requiring authentication to perform sensitive tasks.

[winthrowe]

> When was the last time you have to re-authenticate on a native mobile app?

All the time. The Facebook android app is horrible.

[randomchars]

Not for me. Did you by any chance move the app to your SD card? Apps that use the android Sync provider don't work if they're moved.

[bmm6o]

Not to refute your experience, but I've never had to re-auth facebook on my android.

[sergiosgc]

Yup. Mozilla persona browser integration should already be here. Then, web apps can delegate auth to the browser much as native apps delegate to the operating system.