Once more, LJ valid_to timespan.
Nathan D. Bowen
nbowen+yadis at andtonic.com
Fri Jul 1 13:45:04 PDT 2005
Carl Howells wrote:
> So, it looks like the entire purpose of the issued and valid_to fields
> was to give the ID server some way to specify when the user's login to
> the consumer should expire.
I thought the purpose of valid_to was to ensure that an identity
response will not be used to *initiate* a log-in after the response
reaches a certain age.
I don't think there's much to be gained from specifying when the user
must log back out -- is there?
You'd want to give the user time to complete a log-in on a congested
network (or when LiveJournal's really busy). Maybe with an AJAX consumer
you'd want to give the user time to write a comment, too. But there's
some reasonable limit for the amount of time between the server creating
a response and the consumer receiving it.
Come to think of it, though, since the server is sending the "issued"
time already, maybe it would've made more sense to let the consumer
decide how long to wait before considering the response "too old".
It's the consumer, not the server, who knows if the response is being
used in a comment form with or without holding it in AJAX for awhile, or
in a login form, or whatever.
More information about the yadis
mailing list