Should cookies expire?
I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this? -Philip Mak ([EMAIL PROTECTED])
RE: Should cookies expire?
Philip Mak [EMAIL PROTECTED] asked:

I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this?

-Philip Mak ([EMAIL PROTECTED])

Amtrak probably has set the cookie to some internal reference indicator that remembered your session's information. When you do the next page they would use the cookie's info to fetch your info.

Well, if I were Amtrak I wouldn't want to keep around session info for everyone who was looking forever, just in case they came back. (Most probably never do.) So they tell the cookie to expire at the same time they delete the retained info on their system. Nice and clean.

But that's why I'd expire a cookie, if I were Amtrak. Your mileage as well as your application may vary.

---
Fulko Hew, Senior Engineering Designer
Northrop Grumman-Canada, Ltd.
777 Walkers Line, Burlington, Ontario, Canada, L7N 2G1
Voice: 905-333-6000 x 6010, Direct: 905-333-6010, Fax: 905-333-6050
Home: [EMAIL PROTECTED], Work: [EMAIL PROTECTED]
[OT] Re: Should cookies expire?
They expire so if you leave the computer and someone else comes into the office/internet cafe/or even your computer at home, they won't be able to reestablish your session.

Some sites don't expire their cookies (well they do, but like in 4 years, MSN being the worst).

- Original Message -
From: "Philip Mak" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 03, 2000 11:13 AM
Subject: Should cookies expire?

I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this?

-Philip Mak ([EMAIL PROTECTED])
Re: [OT] Re: Should cookies expire?
And if you're on one of those systems that lets you log in once and then add anything you like to your shopping cart (and purchase it, since your account already has your credit card number), then you might *want* it to log you out after just a few minutes if you get up for another espresso and end up so involved in a conversation with a mate you meet on the way to the checkout that you entirely forget your session, and end up leaving with him ('cause you know how espresso can make you ramble until you forget what you were on about...)

In other words, it depends on the system. =o] The site doesn't know that you weren't buying tickets from a PC in a public library. Better safe than sorry when a customer's money is involved.

--- Jules Cisek [EMAIL PROTECTED] wrote:

They expire so if you leave the computer and someone else comes into the office/internet cafe/or even your computer at home, they won't be able to reestablish your session.

Some sites don't expire their cookies (well they do, but like in 4 years, MSN being the worst).

- Original Message -
From: "Philip Mak" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 03, 2000 11:13 AM
Subject: Should cookies expire?

I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this?

-Philip Mak ([EMAIL PROTECTED])
RE: Should cookies expire?
It's not the cookie that's expiring, per se, but the server side information that corresponds to the cookie. Indeed the fact that the site could tell you that the session had expired indicates that the cookie itself did not expire.

As to why they must/should expire, remember that system resources are consumed by every session that is created. These system resources might be rows in a database table or files in a file system or whatever means the site designers are using to implement sessioning. Sessions that have been inactive for some period are usually garbage collected on the server side. The expiration time for a session is up to the site designer and is usually a function of how busy the site is expected to be and the amount of system resources available for session info.

Of course, in sites where all the session information is contained in the cookie itself, this is not an issue, but on many sites the amount of information that is needed to be stored on a per-session basis is a bit large for a cookie.

-Paul

-Original Message-
From: Philip Mak [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 03, 2000 2:14 PM
To: [EMAIL PROTECTED]
Subject: Should cookies expire?

I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this?

-Philip Mak ([EMAIL PROTECTED])
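
Added example (not part of the original thread, and not Amtrak's code): a minimal server-side session table illustrating the distinction drawn in the last reply, where the browser still sends the cookie but the matching server-side row has been dropped after an idle period. The class and method names, the 20-minute timeout and the sample user are assumptions made for illustration.

```python
import secrets
import time

class SessionStore:
    """Server-side session table keyed by the opaque ID sent in the cookie."""

    def __init__(self, idle_timeout, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # seconds of inactivity allowed (assumed policy)
        self.clock = clock                 # injectable so the demo can fake time
        self._rows = {}                    # session_id -> (last_seen, data)

    def create(self, data):
        sid = secrets.token_urlsafe(32)    # unguessable ID; the cookie carries only this
        self._rows[sid] = (self.clock(), data)
        return sid

    def lookup(self, cookie_sid):
        """Return (status, data) for the ID the browser presented."""
        if cookie_sid is None:
            return "no_cookie", None       # browser sent no cookie at all
        row = self._rows.get(cookie_sid)
        if row is None:
            return "expired", None         # cookie arrived, server-side row is gone
        last_seen, data = row
        now = self.clock()
        if now - last_seen > self.idle_timeout:
            del self._rows[cookie_sid]     # enforce on access, not only at sweep time
            return "expired", None
        self._rows[cookie_sid] = (now, data)  # sliding window: activity resets the timer
        return "active", data

    def sweep(self):
        """Garbage-collect idle rows; returns how many were removed."""
        cutoff = self.clock() - self.idle_timeout
        stale = [sid for sid, (seen, _) in self._rows.items() if seen < cutoff]
        for sid in stale:
            del self._rows[sid]
        return len(stale)

def demo():
    now = [0.0]                            # constructed fake clock, in seconds
    store = SessionStore(idle_timeout=20 * 60, clock=lambda: now[0])
    sid = store.create({"user": "example-user", "cart": ["train ticket"]})
    now[0] += 10 * 60
    first = store.lookup(sid)[0]           # 10 min idle: still active
    now[0] += 30 * 60
    second = store.lookup(sid)[0]          # 30 min idle: row expired, cookie still sent
    return first, second, store.lookup(None)[0]
```

Checking the timeout inside `lookup` as well as in `sweep` means an idle session is refused even if the garbage collector has not run yet, which is the property the replies about unattended computers rely on.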