Could someone explain exactly what is behavior is controlled by the config parameters COOKIE_ALIVE_TIME, SESSION_ALIVE_TIME, SESSIONS_STORAGE_ALIVE_TIME and SESSION_ONLINE? The one-line description I see in the config file is not clear enough to me.
The behavior I'm trying to achieve in Customer area is:
1. Once the customer signs in and selects 'Remember Me', the browser should recognize the customer for, effectively forever.
2. If the customer does not select 'Remember Me', the browser should stop recognizing the customer in 2 hours.
3. Regardless of the behavior in #1 and #2, the customer should be prompted to enter their password and re-authorize on Checkout and Edit Profile pages after every 15 minutes.
So I'm looking for three modes:
1. Unrecognized - No cookie/session. Anonymous customer
2. Recognized - A cookie and/or session tells me who the customer is
3. Authorized - For higher security operations, only valid for short periods of time
Is it possible to achieve this behavior using the above config values?