Re: [IxDA Discuss] User cookie authentication vs. Security

2010-01-10 Thread Sean Gerety
One of the things that we did on a recent project is to provide a message that their session is about to expire and a button for them to click to extend the session. Should they go beyond the allotted time for the session, we show a message that asks for their password and we return them to where

[IxDA Discuss] User cookie authentication vs. Security

2010-01-06 Thread Devin A . Brown
Hi, I work for a very well-known publishing / corporate site that attracts a high number of C-level global visitors. Our Security IT department has asked us to change our login procedures to auto-log out user after 30 minutes (like a bank) as opposed to never auto-expiring a login

Re: [IxDA Discuss] User cookie authentication vs. Security

2010-01-06 Thread Brian Mclaughlin
As I am sure you are aware, there are different levels of any of saving info. Does the login screen need to be blank when a person is logged out (either by choice or by system) or can there be trace information left? Example... When returning to the login page: - the person sees their name and

Re: [IxDA Discuss] User cookie authentication vs. Security

2010-01-06 Thread Dana Chisnell
On Jan 5, 2010, at 3:49 PM, Devin A.Brown wrote: Hi, I work for a very well-known publishing / corporate site that attracts a high number of C-level global visitors. Our Security IT department has asked us to change our login procedures to auto-log out user after 30 minutes (like a bank)

Re: [IxDA Discuss] User cookie authentication vs. Security

2010-01-06 Thread Greg Knaddison
On Tue, Jan 5, 2010 at 8:49 AM, Devin A.Brown wrote: I work for a very well-known publishing / corporate site that attracts a high number of C-level global visitors. Our Security IT department has asked us to change our login procedures to auto-log out user after 30 minutes (like a bank)

Re: [IxDA Discuss] User cookie authentication vs. Security

2010-01-06 Thread William Brall
Interesting side note, at work a few days ago a co-worker went to log into their bank. When they went to the log in page of the fresh and new bank site, it saw the cookie from the old site and logged him in. As someone else.