minimum for a cookie: 3 days imho.
Quote:
Originally Posted by ServerGenius
We use a double system using 1 a cookie and 2 an encoded string based on
ip and some other surfer variables which is stored server side. We compare
these 2 to prevent, detect and report malicious cookie manipulations
like for example zango does.....so if the 2 don't match up the server stored
entry is being used for tracking and we're being alerted for possible fraud.
 |
maximum for that server side stored info: half an hour. (Otherwise you are encouraging cookie stuffing attacks).