[Sigia-l] time-out session lengths, security, and user tasks
MJJAIXEN at up.com
MJJAIXEN at up.com
Tue Nov 12 09:22:56 EST 2002
Depending on the task, those timeout messages can be more annoying than the
actual timeout. Last week, I sat down and tried to balance my checkbook
register, my bank account, and my personal finance program from a large
software company in Redmond. After a disasterous attempt to let the
software merge it's data with the bank's web site, I then had to go through
3 months worth of data to find the errors. I could run a report online
that would give me the data I needed, but every 10 minutes, the report
would
disappear with a prompt asking me if I wanted to stay logged in. Sometimes
I would catch the message; sometimes I wouldn't if I had overlayed the
browser session with my finance software, or if I had my head in my paper
register looking for a value.
Finally, I ended up killing the trees and working at the living room table.
"Ziya" wrote:
There's a variation on this: as the "magic" minute approaches, send the
user
a confirmation (Your session is about to expire, do you want to continue?).
If you don't get an answer to this confirmation in a "reasonable" (short)
time :-) then kill the session. This way the session can be legitimately
prolonged, for those who need it.
More information about the Sigia-l
mailing list