Answer the question
In order to leave comments, you need to log in
What session timeout is acceptable?
Normal sessions (Express/NodeJS) are used. Which ttl to choose? I understand it all depends on the application. But I do not find information relevant to a normal application.
In banks, there are 15 minutes of the session, which is not acceptable for me of course (what will the user log in every 15 minutes?). Social networks like Facebook have a month timeout of 3. OWASP advises as short as possible, max 15-30 minutes, and this is natural for them (for a security organization it is better to overdo it). But 30 minutes is also a very short session, after all!
What about a regular site? The usual content site, with a personal account. In examples with information, extremes are either 15 minutes or 3 months. How are you doing and why?
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question