[Sigia-l] time-out session lengths, security, and user tasks
Patrick Neeman
pat at nexisinteractive.com
Mon Nov 11 17:51:43 EST 2002
The magic 20 minute number isn't magic: it's the default setting for IIS (Windows' Web Server).
In most secure situations, 20 to 30 minutes seems to be the accepted standard.
P@
Patrick Neeman
pat at nexisinteractive.com <mailto:pat at nexisinteractive.com>
949 643-0910 land
949 633-3054 cell
949 215-1659 fax
nexis interactive
our skills. your solutions.
------------------------------------------
Signs Evil Forces Are Out To Get You:
Roommate's note on fridge:
"Evil Forces called. Will try back later."
> -----Original Message-----
> From: sigia-l-admin at asis.org [mailto:sigia-l-admin at asis.org]On Behalf Of
> Christy Mylks
> Sent: Monday, November 11, 2002 2:52 PM
> To: sigia-l at asis.org
> Subject: [Sigia-l] time-out session lengths, security, and user tasks
>
>
> Hello All:
> I hope this isn't considered off-topic for this list, but I have a question
> that comes up sometimes when designing for websites with security issues.
> Are there any actual standards (official or conventional) for how long you
> can let your users remain "inactive" on a secure site before it times out
> on them?
>
More information about the Sigia-l
mailing list