W3C home > Mailing lists > Public > w3c-wai-gl@w3.org > October to December 2005

RE: session timeouts - Re: Guideline 2.2 Issue Summary

From: Gregg Vanderheiden <gv@trace.wisc.edu>
Date: Mon, 10 Oct 2005 13:59:22 -0500
To: "'Gez Lemon'" <gez.lemon@gmail.com>, <w3c-wai-gl@w3.org>
Message-ID: <006201c5cdcc$ba6d87d0$8c17a8c0@NC6000BAK>


How about "at least 10 times the timeout period".  That would allow you to
drop people who left the process but keep most all people who are just


 -- ------------------------------ 
Gregg C Vanderheiden Ph.D. 
Professor - Ind. Engr. & BioMed Engr.
Director - Trace R & D Center 
University of Wisconsin-Madison 

-----Original Message-----
From: w3c-wai-gl-request@w3.org [mailto:w3c-wai-gl-request@w3.org] On Behalf
Of Gez Lemon
Sent: Monday, October 10, 2005 1:47 PM
To: w3c-wai-gl@w3.org
Subject: Re: session timeouts - Re: Guideline 2.2 Issue Summary

On 10/10/05, Isofarro <lists@isofarro.uklinux.net> wrote:
> Be a little wary of the practical implications of these ideas (both 
> ideas). Server session timeouts are typically there as a means of a 
> server reclaiming unused memory. In the UK there's also the Data 
> Protection Act to consider, which, in terms of financial websites and 
> its related webapplications, its not advisable to keep a session open 
> indefinitely, nor is it advisable to store potentially private 
> information in a cookie.

Good points, Mike. The only other technique I can think of would be to offer
registration and keep the transaction in a database, which would allow them
a reasonable amount of time (however much the administrator could afford for
a transaction table) to complete the form.

Best regards,


Supplement your vitamins
Received on Monday, 10 October 2005 18:59:39 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:59:39 UTC