[Sigia-l] time-out session lengths, security, and user tasks
John McCrory
JMcCrory at Vera.org
Mon Nov 11 18:38:31 EST 2002
I have an intranet publishing application with about 100 users, and we
quickly found that the 20 minute timeout that is the default setting was not
enough. The question we then asked was, "What is the longest amount of time
a user task could reasonably take before the user will take some kind of
action that would reset the counter -- clicking "save" for example.
We found that users would sometimes spend as much as an hour revising a text
without saving. My research wasn't especially scientific, but we settled on
45 minutes, and we strongly encouraged users to develop the habit of
clicking "save" every 5 to ten minutes.
Another thing I just thought of: one could create an animated gif that
appears on each page that counts down the time, and flashes a message like
"Save Now!" as it approaches the timeout limit (sort of like a gas gauge
approaching empty). Hmm -- I think I'll do just that.
John McCrory
Webmaster
Vera Institute of Justice
http://www.vera.org/
More information about the Sigia-l
mailing list