If users do not properly log out, we currently retain their info forever. We may want to auto-logout after a while (2 weeks?).
Should cookie have an expiration date that we also put into the user struct? Can we change that when users perform actions?
If users do not properly log out, we currently retain their info forever. We may want to auto-logout after a while (2 weeks?).
Should cookie have an expiration date that we also put into the user struct? Can we change that when users perform actions?