I have had a requirement for our web app (under the relevant section and sub-section) which says:
Session management
- Session-timeout:
The users should remain logged in for a fair amount of time; The
session should not get timed out in any case and before logging out we
must have a pop-up screen asking if you want to log out or continue.
Also, just to reiterate, this is not a requirement about the logout feature.
I believe this is a strange one and a nightmare as it thinks an idle user would respond to the alert, which makes no sense to me and hence the implementation.
But I am quite interested to hear people’s thoughts on this requirement. If you think it’s valid, what is your reasoning, and how would you go about doing this? And if you think this is not a valid requirement, please share your reasons as well.
Thanks,
Sumanth
I think that if such a popup is shown to prevent session timeouts while the user is, for example, reading a long or complex text or has just received a phone call, the popup should itself have a timeout. Once the timeout expires, the popup is shown with its own timeout, let’s say 10 secs, and if the user doesn’t answer, the session should be terminated.
I have seen the approach you have been requested in other web pages, but without the second timeout security would be at risk.
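The two-stage timeout described in the reply above, sketched as an added example that is not part of the original thread. The names `IdleSession`, `idleMs`, `graceMs`, `showPopup` and `logout` are hypothetical, and the clock is injectable so the logic can be checked without waiting.

```javascript
// Added example: idle timeout followed by a warning popup with its own timeout.
class IdleSession {
  constructor({ idleMs, graceMs, now = Date.now }) {
    this.idleMs = idleMs;     // idle time before the popup appears
    this.graceMs = graceMs;   // how long the popup waits for an answer
    this.now = now;
    this.lastActivity = now();
    this.warnedAt = null;
    this.state = 'active';    // 'active' -> 'warning' -> 'expired'
  }
  // Advance the state machine; safe to call at any interval.
  tick() {
    const t = this.now();
    if (this.state === 'active' && t - this.lastActivity >= this.idleMs) {
      this.state = 'warning';
      // Count the grace period from when the popup was due, so a throttled
      // or sleeping tab cannot stretch the session.
      this.warnedAt = this.lastActivity + this.idleMs;
    }
    if (this.state === 'warning' && t - this.warnedAt >= this.graceMs) {
      this.state = 'expired'; // terminal: nothing revives it
    }
    return this.state;
  }
  // Real user input (click, keypress). Ignored once the popup is showing:
  // only an explicit answer keeps the session.
  activity() {
    if (this.tick() === 'active') this.lastActivity = this.now();
    return this.state;
  }
  // The user chose "continue" in the popup.
  continueSession() {
    if (this.tick() === 'warning') {
      this.state = 'active';
      this.warnedAt = null;
      this.lastActivity = this.now();
    }
    return this.state;
  }
}

// Browser wiring (assumed callbacks). logout() must also invalidate the
// session on the server; a client-side timer alone is only advisory.
function wire(session, { showPopup, logout }) {
  let prev = session.state;
  const timer = setInterval(() => {
    const s = session.tick();
    if (s === 'warning' && prev !== 'warning') showPopup();
    if (s === 'expired') { clearInterval(timer); logout(); }
    prev = s;
  }, 1000);
  return timer;
}
```
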