No subject

server.

P@

> -----Original Message-----
> From: sigia-l-admin at asis.org [mailto:sigia-l-admin at asis.org]On Behalf Of
> Listera
> Sent: Monday, November 11, 2002 3:44 PM
> To: sigia-l at asis.org
> Subject: Re: [Sigia-l] time-out session lengths, security, and user
> tasks
>
>
> "Peter Merholz" wrote:
>
> > In my ideal world, there would be no session timeouts.
>
> If you have a very busy site, with a very large number of users, the server
> would be overburdened with the task of keeping so much session info alive.
> Keeping them in live memory would mean that RAM needs to be allocated and if
> there's a crash, all the info is lost. Keeping them in a DB would mean
> frequent trips to the DB, thereby reducing efficiency of the DB pipe.
> Writing them to disk would mean slow disk I/O. Keeping them in cookies would
> mean frequent parsing, re-writing, etc. So if the user numbers are high,
> this becomes a considerable issue.
>
> > Can you ask the security folks to give a good reason for a session timeout?
>
> Not all decisions made by technical/security folks are daft. Sometimes there
> are good reasons. The problem arises when folks look for "industry
> standards" and magic numbers, etc.
>
> Best,
>
> Ziya
>
> ------------
> When replying, please *trim your post* as much as possible.
> *Plain text, please; NO Attachments
>
> ASIST Annual Meeting:
> http://www.asis.org/Conferences/AM02/index.html
>
> ASIST SIG IA website: http://www.asis.org/SIG/SIGIA/index.html
> Searchable list archive:   http://www.info-arch.org/lists/sigia-l/
> ________________________________________
> Sigia-l mailing list -- post to: Sigia-l at asis.org
> Changes to subscription: http://mail.asis.org/mailman/listinfo/sigia-l
>