[eluser]sito[/eluser]
Hi,
I have just started using CI v1.6.3 and FreakAuth_light 1.1 for one of my projects. However, I noticed a "strange" thing while playing around with FA_light. It seems that after I have logged in, if I exit the browser and restart the browser, I will stay logged in?
My question is: although FA_light stores sessions in a MySQL table, is this the intended behaviour? If so, isn't this a bit of a security risk? By the way, I am using Firefox for this test.
My follow-on question is, short of having to ask the user to manually clear out personal history when he closes the browser, how can I stop this from happening? Does shortening of the expiry time in config.php help? Or are there other possibilities?
Appreciate any help you guys can offer!
Cheers.
