This is needed to have a workable Real-time notification
The only concern is about the “surprising” effect which is very minor concern (and probably does not exist in the average user). And people who wants the previous behavior can still put an maximum age for a session to 10 minutes. (But almost all the installations, I saw, have increased the default timeout to at least hours)
But this implementation improves the security thanks to the fixed age of the session.
1 Like