Firstyear

Yeah, but the issue there is if someone can do token exfil, if the auth session max is 1 day, and they get it with 8 hours to go, they...

But also, it's about the risk threshold, that's why it's an account policy thing. if you have a high priv group, you make that limit lower, if it's just "I...

> I much prefer the idea of a short-ish inactivity timer (x hours/days) rather than an infinite session lifetime - if you have to log in after being away for...

@johansmitsnl Anyway, you can already do this with account policy, so I don't think we need to actually change anything here?

The issue is "who defines what is trusted". The user? Or the machine? Let's assume it's the user, the old "remember me" or something checkbox. Realistically what's happened is your...

@johansmitsnl Yeah, I know what the option is you want. I'm just pointing out that it's still an account policy thing, where the actual way to think of it is...

What version are you running? We had some issues with that username being forgotten we recently resolved.

Yes we could define two times, but then we have to come up with extra validation to ensure one is shorter etc. Again, thought and care needed, but possible.

I'm not sure about this. While they work in a similar way (Option vs MaybeUninit) the issue with the once cell approach is that every location we want to access...

Pretty much :)