Posted on: April 25th, 2009 by Famous Phil

After a lot of googling, I had trouble finding any information on this topic from anywhere, so this is a topic worth blogging about.  Lets introduce the topic, shall we?

So, as long as I can remember, I have gone to many forums on the internet and other sites that require the user to login to do posting or other actions that only registered users can perform.  Naturally, I have signed up with these sites to gain access to either 1. contribute my knowledge, or 2. access the content that I need.  On all of these websites, when logging in, there are 2 options (in general), 1. “login and don’t save your login”, or 2.” login and remember me in the future so I don’t have to login again”. There are also a few sites that have a drop down saying how long you want to remain logged in for with options 30 minutes, 1 hour, 6 hours, 12 hours, 1 day, 1 week, 1 month, or never log me out.  I like those sites the best because they generally have 1 hour as the default session time which clearly notifys me about how long I can post before I’m logged out and will lose my post data.

Normally, On sites without this dropdown, I choose option number 1.  My reasoning is that it is an extra mouse click less (I hate using the mouse when I absolutely don’t have to, and this is my biggest reason), and 2. since my login isn’t stored, there is no possibility that anyone else can access my area if my computer was either stolen or accessed without my authorization.  My third reason is, I typically forget that tab will take me to that box where I can tap the space key.  I usually type in my password then immediately hit enter without thinking.

There are appropriate session lengths for sites.  For example:

1. Bank sites and sites that display confidential information such as paypal, ebay, amazon, walmart, etc should have shorter session times.  A shorter session on these sites can protect you if you walk away from the computer for a while and leave it unprotected (which I occasionally do).  Then there is the fact that these sites generally don’t require you to type in data that would take more than 5 minutes to enter without first confirming with the server some of that data.  Therefore, it would make no sense to keep the session longer.
2. Webmail services such as Yahoo Mail, GMail, Hotmail, and other services should expect that you will login and could possibly write an email that will take you more than an hour to compose.  Normally if a post is going to take this long, you should write it on your computer then copy and paste it, but many people don’t do this (I for sure don’t and I don’t know many people that do this either).  In addition, if you pay for these services, they have separate account management interfaces which have shorter time outs and require an additional login.  Therefore, webmail generally has a very reasonable time out for good reasons, and they still maintain approrpiate levels of security.
3. Most forums (except for 2 that I’m aware of) have session time outs that last longer than 30 minutes.  I feel that 30 minutes to post what you want to say is appropriate for a forum.  I usually end up writing for 20 to 25 minutes of time for each post that I make.  Usually if I have a feeling I will be much longer, I will write on my local machine and copy and paste it to post later.  I do this for a few reasons, 1. I’m afraid my browser will crash, and 2. I’m afraid that the session might time out (if over 30 minutes).  I’m the kind of person who won’t post unless I take the time to make my post very meaningful, and I feel strongly about sharing that knowlege.
4. Most blogging software programs that I know about (including my own wordpress) save drafts every minute which keeps my session active, therefore, making it need a lesser session time.  I’m not sure what my session time is limited to, but I’m positive that I will never lose my post due to a time out or an internet connection issue.

So now is the time for a quick rant that ties into the topic I’m writing about.  For 2 forums that I visit somewhat regularly (1 I have a lot of posts on, the other I don’t), and on 5 occasions, I have written a long post that has taken about 25 minutes of my time in each instance and I have lost all but 2 due to time outs.  Normally when this happens, I get mad and just leave.  Thats mostly the reason why I blog here now on my own server and not elsewhere. Anyways, these 2 sites have session time outs of less than 15 minutes (I think its 10, although its hard telling).  For me, I consider 30 minutes the minimum session length that is reasonable for a forum for people like me who post a lot of information in a single post.

These forums must have an easy option to increase the session time limit, so what is the big deal in increasing it?  By increasing it, you give your users more time to make a single post without fearing a time out (and losing a long post), and you won’t make posters who post a lot of content mad (Like me).  People who make large posts generally can help to increase SEO scores and make your site more popular, thus increasing advertising revenue. So I see it as a win win for increasing the session time out and spending the 5 minutes to find that option.

Anyways, I approached one of these site’s administrators once and mentioned this (and in recent times, have asked other close friends), and have gotten the same basic response: “Learn how to check that keep me logged in box!” Although it isn’t that hard, I normally forget that I can tab to it (mostly a systematic habit of hitting enter immediately after the last character of my password for that site), and using the mouse to do it is a waste of 5 seconds and hand movement because I’m usually too lazy to move my hand over to the mouse from my keyboard *chuckles*.  In addition, that check box will just get unchecked the next time I enter firefox because I have Firefox wipe out my cookies / history on exit.

Another point that I would like to make is that I use Norton Ghost to restore my computer to an original state that I made immediately after installing Windows.  I do this about once a week, so if Firefox doesn’t automatically remove my cookie I set, this certainly will.  So that extra effort for me is pointless.  This probably doesn’t affect most people, but for me, checking that box is pointless.

Basically, I join sites because I want to, and if I feel that admins of these forums don’t feel that something this simple can be fullfilled, then I feel I should take my content elsewhere (or just save the time and put it elsewhere in learning other stuff).  I’m not sure how many people would agree with me, but I’m the kind of person who is set in my ways and am somewhat resistant to change in habits that I have formed years ago.  Perhaps this is bad for me because I am a computer science student and should embrace change, but this is just how things are for me.  I consider some changes good and others very bad.

Anyways, Your comments are appreciated (both good and bad).  I’d rather keep these sites anonymous because I’m not bashing their techniques or sites (in fact, both of the 2 that I have had issues with are extremely helpful when I read them), I’m just stating what is on my mind.  So if you think your site may be what I’m talking about, I’d rather not see it posted on a comment.

Tags: banking, forum, ghost, login, password, posting, save password, session limits, time, time out
Posted in Hosting / Server Administration, Personal, Programming, Technology
|| No Comments »