I have a general question about websites that use cookies to store session
information:
Why should they expire at all?
Let me give you an example. Yesterday, I was at Amtrak Rail's website to
purchase train tickets. Now, I multitask a lot, and sometimes I might
leave one browser window idle while I go to do something else.
So I'm browsing the possible rides I can get on, then I do something else
for half an hour. I go back to the browser window with Amtrak, and then
when I click something it tells me that my session has expired and I'll
have to login again!
Gritting my teeth, I login again and start the process over. This time I
finish the reservation and minimize the window.
Later that night, I want to check my reservation again. I maximize that
window and click something ... oops, session expired again!
I realize that in a computer lab environment, automatic session expiration
may be needed for security purposes, but I think in the situation
mentioned above, it was excessive.
What do people think about this?
-Philip Mak ([EMAIL PROTECTED])