RE: Timing Adjustable: does it apply to timeout from inactivity (no mouse, keyboard activity)

From: David MacDonald []
Sent: Thursday, February 9, 2017 9:54 AM

What are other evaluators doing with time outs from inactivity?  I've been recommending a warning before 20 seconds before the time out "Do you need more time" with  "yes/no" buttons.

But if the session stays open as long as the user is active, one might argue that the user extended the time limit simply by clicking, scrolling, typing ... if they did *nothing* it would time out in 15 minutes, but by using the mouse/keyboard at least every 14:59, they could stay in their account for up to 150 minutes.

[Jason] Nothing in the current text of 2.2.1 prevents it from applying to timeouts that occur after a period of inactivity.  Of course, any action by the user should reset the timeout; otherwise, it wouldn’t be responding to inactivity. Thus, to conform to 2.2.1, I would suggest a warning of the required kind at least 20 second before expiration of the timeout, but that (at least before the warning is presented), any action detected by the content should reset the timer to 0.

It's a significant question, because if that is the case then I'd say there is more flexibility with COGA's requests, which would deal with a *truly* timed events rather than a simple inactivity logout. Security people worry about an abandoned computer left open to others to exploit and don't like extending inactivity logouts.
[Jason]In the case of an inactivity logout, I think preserving all of the data entered and steps completed by the user, and allowing them to return to the step at which they were forcibly logged out, is good practice. This is an aspect of the proposal that should be supported in relation to time limits for which it makes sense.


This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.

Thank you for your compliance.


Received on Thursday, 9 February 2017 15:30:19 UTC