
session timeouts - Re: Guideline 2.2 Issue Summary

From: Isofarro <lists@isofarro.uklinux.net>
Date: Mon, 10 Oct 2005 18:53:52 +0100
Message-ID: <434AAAAF.1060802@isofarro.uklinux.net>
To: Gez Lemon <gez.lemon@gmail.com>
Cc: Christophe Strobbe <christophe.strobbe@esat.kuleuven.be>, w3c-wai-gl@w3.org

Gez Lemon wrote:
> Hi Christophe,
> 
> On 10/10/05, Christophe Strobbe <christophe.strobbe@esat.kuleuven.be> wrote:
> 
>>Issue 1645
>>[http://trace.wisc.edu/bugzilla_wcag/show_bug.cgi?id=1645]
>>L3 SC3:
>>"it would be a large burden for servers to maintain state of each session
>>indefinitely".
> 
> 
> It would be a huge burden for the server to maintain all session
> variables, and also impossible to guarantee as the server could
> restart if it runs out of memory, losing all session data. It would be
> less of a burden if the session data was stored on the user's computer
> using cookies.

Be a little wary of the practical implications of these ideas (both 
ideas). Server session timeouts are typically there as a means of a 
server reclaiming unused memory. In the UK there's also the Data 
Protection Act to consider, which, in terms of financial websites and
their related web applications, it's not advisable to keep a session open
indefinitely, nor is it advisable to store potentially private 
information in a cookie.


Mike
Received on Monday, 10 October 2005 17:57:09 GMT