|
|
Posted by Jonathan N. Little on 03/25/06 17:32
Jose wrote:
>> To answer your question, you need to change the session lifetime so it
>> does not expire before your user finishes reading a page.
>
> However, presumably if he's using sessions to begin with, the purpose is
> to expire a session in case the user just wandered off without logging
> off. There may be no magic number. (i.e. most users who abandon without
> logging off do so after five minutes, but those who stay will stay for
> twenty while reading stuff). If leaving an abandoned session open is
> sufficiently risky, then the original question remains.
>
That is true. There is no magic value for session expiration, I would
assume if the default is not working for him that he would have to
evaluate the risk/benefit of adjusting the time and security,
sensitivity and nature of how the data is used should be factors.
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
[Back to original message]
|