Once more, LJ valid_to timespan.

Nathan D. Bowen nbowen+yadis at andtonic.com
Fri Jul 1 13:45:04 PDT 2005

Carl Howells wrote:

> So, it looks like the entire purpose of the issued and valid_to fields 
> was to give the ID server some way to specify when the user's login to 
> the consumer should expire.

I thought the purpose of valid_to was to ensure that an identity 
response will not be used to *initiate* a log-in after the response 
reaches a certain age.

I don't think there's much to be gained from specifying when the user 
must log back out -- is there?

You'd want to give the user time to complete a log-in on a congested 
network (or when LiveJournal's really busy). Maybe with an AJAX consumer 
you'd want to give the user time to write a comment, too. But there's 
some reasonable limit for the amount of time between the server creating 
a response and the consumer receiving it.

Come to think of it, though, since the server is sending the "issued" 
time already, maybe it would've made more sense to let the consumer 
decide how long to wait before considering the response "too old".

It's the consumer, not the server, who knows if the response is being 
used in a comment form with or without holding it in AJAX for awhile, or 
in a login form, or whatever.

More information about the yadis mailing list