Session timeout, has to be top priority!!!

Eric Stadtherr estadtherr at gmail.com
Fri Sep 8 16:01:06 CEST 2006


When the user's browser is visiting the "compose" page, the keepalive is active. This keepalive resets the session timeout timer every minute. Therefore, it shouldn't matter how long it takes you to compose a message; it should not time out.


On Fri, 8 Sep 2006 09:17:31 -0300, "Sergio A. Kessler" <sergiokessler at gmail.com> wrote:
> yes, you are missing the fact that sooner or later,
> you will be writing a long (or interrupted) email (there is no
> activity other than typing here) and when you hit send, b00m, the
> email is lost...
> 
> it happens with squirrell also...
> 
> now, sorry for the noise, I will disable the session timeout...
> 
> On 9/7/06, Eric Stadtherr <estadtherr at gmail.com> wrote:
>> Forgive me if I'm stating the obvious, but it seems like the debate
>> is centering around the question of, "Is the timeout useful?" This
>> seems like a completely different question from "Why is my session
>> expiring even though I'm actively using RoundCube?" If the session
>> management were working correctly, the sessions wouldn't be timing
>> out during message composition and we wouldn't be discussing the
>> first question at all.
>>
>> Am I missing something?
>>
>>
>> On Sep 7, 2006, at 7:37 PM, Sergio A. Kessler wrote:
>>
>> > it seems gmail does the rigth thing.
>> >
>> > but, by far, the most common scenario is a writed lost mail because of
>> > a session timeout, and this is happening to a lot of people (as you
>> > can see), just because someone want to help an *eventual* and
>> > *hipotetical* stupid user that maybe forgot to close the mail...
>> >
>> >
>> > On 9/7/06, Mark Edwards <mark at antsclimbtree.com> wrote:
>> >> I don't see how this kind of attitude can possibly help Roundcube.
>> >>
>> >> Squirrelmail has a timeout, as does Webmin, Cacti, and nearly every
>> >> other web interface that has a login.
>> >>
>> >> I am amazed that this is even an issue.
>> >>
>> >> I agree that the timeout needs to not threaten the usability of the
>> >> app, and that needs discussion, but saying "screw people if they
>> >> don't log out" is ridiculous for an application that is supposed to
>> >> offer a user-friendly interface for novices to use their email.
>> >>
>> >> On Sep 7, 2006, at 5:24 PM, Sergio A. Kessler wrote:
>> >>
>> >> > and how do you stop people from doing stupids things ?
>> >> > and where do you draw the line ?
>> >> >
>> >> > I mean, if I delete an important file or mail and clean the trash,
>> >> > how do you stop me ?
>> >> >
>> >> > shit happens, anyway...
>> >> >
>> >> > and doing something that affect to 99% of the people in a bad way,
>> >> > just because we want to "help" a stupid that forget to close the
>> >> mail
>> >> > in a *public* computer, is nonsense IMO...
>> >> >
>> >> > btw, someone knows how does gmail or hotmail manage this ?
>> >> >
>> >> >
>> >> > On 9/7/06, Mark Edwards <mark at antsclimbtree.com> wrote:
>> >> >> On Sep 7, 2006, at 4:26 PM, Martin Marques wrote:
>> >> >>
>> >> >> > Closing the navegator SHOULD kill the session, AFAIK.
>> >> >> >
>> >> >> > So, the only reason I see is if you leave the web browser open.
>> >> >>
>> >> >> Why is that not a good enough reason for a timeout safety feature?
>> >> >> Someone can have it open but hidden and not realize it.
>> >> >>
>> >> >> Just because someone does something stupid or wrong doesn't mean
>> >> >> there shouldn't be a safety feature to help them.
>> >> >>
>> >> >> --
>> >> >> Mark Edwards
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >> --
>> >> Mark Edwards
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>>
>>
--
<p>
<font size="0">--</font>
</p>
<p>
<font size="3"><strong>Eric Stadtherr</strong></font>
</p>
<p>
<a href="mailto:estadtherr at gmail.com">estadtherr at gmail.com</a> 
</p>






More information about the Dev mailing list