Reduce default cookie expiration time to 30 days

Cookie expiration time was increased to 180 day in 7d7ebfc to make
logins last longer. Since 16cea35 made login cookie length separately
configurable, this setting does not make much sense anymore and should
be restored to a more privacy-friendly default.

Change-Id: Ia2d200a20c4954fa7cd50197f44471e98061a425

diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 6c53809..9b02136 100644 (file)
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -6,6 +6,8 @@ MediaWiki 1.29 is an alpha-quality branch and is not recommended for use in
 production.
 
 === Configuration changes in 1.29 ===
+* Default cookie expiration time has been reduced to 30 days. Login cookie expiration time is
+  kept at 180 days.
 
 === New features in 1.29 ===
 

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 0b0016c..7f5b447 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -5864,7 +5864,7 @@ $wgProxyList = [];
 /**
  * Default cookie lifetime, in seconds. Setting to 0 makes all cookies session-only.
  */
-$wgCookieExpiration = 180 * 86400;
+$wgCookieExpiration = 30 * 86400;
 
 /**
  * Default login cookie lifetime, in seconds. Setting
@@ -5872,7 +5872,7 @@ $wgCookieExpiration = 180 * 86400;
  * calculate the cookie lifetime. As with $wgCookieExpiration, 0 will make
  * login cookies session-only.
  */
-$wgExtendedLoginCookieExpiration = null;
+$wgExtendedLoginCookieExpiration = 180 * 86400;
 
 /**
  * Set to set an explicit domain on the login cookies eg, "justthis.domain.org"