Re: session timeouts - Re: Guideline 2.2 Issue Summary

On 10/10/05, Isofarro <lists@isofarro.uklinux.net> wrote:
> Be a little wary of the practical implications of these ideas (both
> ideas). Server session timeouts are typically there as a means of a
> server reclaiming unused memory. In the UK there's also the Data
> Protection Act to consider, which, in terms of financial websites and
> its related web applications, it's not advisable to keep a session open
> indefinitely, nor is it advisable to store potentially private
> information in a cookie.

Good points, Mike. The only other technique I can think of would be to
offer registration and keep the transaction in a database, which would
allow them a reasonable amount of time (however much the administrator
could afford for a transaction table) to complete the form.

Best regards,

Gez

--
_____________________________
Supplement your vitamins
http://juicystudio.com

Received on Monday, 10 October 2005 18:47:35 UTC