[Sigia-l] time-out session lengths, security, and user tasks

Peter Merholz peterme at peterme.com
Mon Nov 11 21:48:39 EST 2002


> > But I think the main question is, "Why?"
>
> There is a damn good reason for this.

Karl, while you address the needs for a specific situation, a bank, and
successfully answer the main question, that

a) doesn't answer the question in all instances
and
b) provides little guidance for any notion of "why 20 minutes".

As someone who has shopped on sites where Broadvision is used, and thus lost
shopping carts after having been dormant for 20 minutes, I think my question
is fair.

My main point is that people DON'T question. That they let IT folks run
ramrod with technical issues that might not actually be relevant. Because
I'm sure, if I talked to those ecommerce sites with session timeouts, they'd
say, security and/or processes. And if I asked, "Well, what about
Amazon.com?" They'd have no good answer.

I'm not saying that the technological solution is simple. But, it's
important that providers of services on the Web take on a little pain to
make life easier for their users.

The degree to which people will roll over for issues of security or CPU time
distresses me.

--peter




