User Control Systems – What’s the right session length?

Posted on in Uncategorized

1408511_47381303When you think of web development, you might not consider user control systems or session lengths. However, these are important web development considerations when you are looking at web authentication, session management and access control.

What is a web session? A web session is a sequence of network HTTP request and response transactions that are associated to the same user. Web applications generally require the retention of information or status about users for the duration of multiple requests.

As a result, sessions are used to provide the ability to establish variables. Variables are often used to establish access rights and localization settings that apply to each interaction a user has with a web application for the duration of a given session. Sessions are useful in applying security access controls, authorizing access to private user data and increasing the usability of applications.

Applications typically have session capabilities pre and post authentication. So what’s the right session length? Security is often a concern with applications post authentication. Therefore, configuring session idle timeout is important. The right session length for an idle timeout can be configured to anything. However, the timeout period is 30 minutes by default. This is a good rule of thumb.

Applications with a higher security risk should have a smaller timeout period. You can configure the session length between 5 and 90 minutes depending on the level of security you desire. For the most secure applications, you might want to use a 5 minute session timeout. Just keep in mind that short timeout periods can be a real hassle for users, so use your judgement to find the right balance.

Your web development professional will be able to help you further determine what the right session length is for your web application. Every application is different, but a seasoned web developer will be able to provide informed recommendations to make your user control systems user-friendly and secure.

Leave a Reply

What our clients are saying

I want to thank you for your help with our website development project. Your programming skills, attention to detail, and ability to interact directly with our client were excellent. You have provided tremendous value to my organization. With a project of this magnitude, including the use of web services to push data out to 19 sub-websites, your ability to overcome our unique challenges and coordinate with my IT team was exceptional. I appreciate your help, and I am certain that your expertise was key to the project's success. Thanks again, I look forward to working with you on our next endeavor!

~ John Forgione – Executive Vice President – SFA Marketing, Inc.

Read More