If the session has expired, validation always fails, right? See https://github.com/isometriks/IsometriksSpamBundle/blob/master/Form/Extension/Spam/Provider/SessionTimedSpamProvider.php#L35
So I would set the default for timed_spam_max to null, so that the user's default session timeout setting (i.e. session.gc_maxlifetime in php.ini) kicks in. Otherwise, people keeping the default, will have 2 different timeout settings in place.
If the session has expired, validation always fails, right? See https://github.com/isometriks/IsometriksSpamBundle/blob/master/Form/Extension/Spam/Provider/SessionTimedSpamProvider.php#L35
So I would set the default for
timed_spam_maxtonull, so that the user's default session timeout setting (i.e.session.gc_maxlifetimeinphp.ini) kicks in. Otherwise, people keeping the default, will have 2 different timeout settings in place.