Node.js
hckn, 2018-09-11 17:03:48

What session timeout is acceptable?

Ordinary sessions (Express/Node.js) are used. Which TTL should I choose? I understand that it all depends on the application, but I cannot find information relevant to a normal application.
In banks, sessions last 15 minutes, which of course is not acceptable for me (will the user have to log in every 15 minutes?). Social networks like Facebook have a timeout of 3 months. OWASP advises keeping it as short as possible, 15-30 minutes at most, and this is natural for them (for a security organization it is better to overdo it). But 30 minutes is also a very short session, after all!
What about a regular site? The usual content site, with a personal account. In the examples I find, the values are at the extremes: either 15 minutes or 3 months. How do you do it, and why?

1 answer(s)
Cabac_B, 2018-09-11
@hckn

Yes, even for years.
If there is nothing so super-important / financial there ...
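
An added example, not part of the thread above: the "15 minutes or 3 months" choice does not have to be a single number, because a session can carry a long idle timeout, an absolute cap, and a short re-authentication window for sensitive actions. The function names and all durations here are assumptions chosen for illustration.

```javascript
// Added example: session lifetime check with idle, absolute and step-up limits.
// All durations are assumed values for illustration, not figures from the thread.
const MINUTE = 60 * 1000;
const DAY = 24 * 60 * MINUTE;

const policy = {
  idleTimeout: 30 * DAY,     // assumed: expire after 30 days without a request
  absoluteTimeout: 90 * DAY, // assumed: expire 90 days after login, active or not
  reauthWindow: 15 * MINUTE, // assumed: sensitive actions need a login this recent
};

// session: { createdAt, lastSeenAt, lastAuthAt }, all epoch milliseconds.
// Returns 'ok', 'expired_idle', 'expired_absolute' or 'reauth_required'.
function evaluateSession(session, now, sensitive = false, p = policy) {
  const stamps = session
    ? [session.createdAt, session.lastSeenAt, session.lastAuthAt]
    : [];
  if (stamps.length === 0 || !stamps.every(Number.isFinite)) {
    return 'expired_absolute'; // missing or malformed session data fails closed
  }
  if (now - session.createdAt >= p.absoluteTimeout) return 'expired_absolute';
  if (now - session.lastSeenAt >= p.idleTimeout) return 'expired_idle';
  if (sensitive && now - session.lastAuthAt >= p.reauthWindow) {
    return 'reauth_required'; // session stays valid, but ask for the password again
  }
  return 'ok';
}

// Sliding renewal: call on every accepted request to reset the idle clock.
function touch(session, now) {
  return { ...session, lastSeenAt: now };
}

// Constructed sample session, created at an arbitrary login time.
const login = Date.UTC(2018, 8, 11, 17, 0, 0);
const sample = { createdAt: login, lastSeenAt: login, lastAuthAt: login };
console.log(evaluateSession(sample, login + 10 * DAY));       // browsing
console.log(evaluateSession(sample, login + 10 * DAY, true)); // e.g. password change
console.log(evaluateSession(sample, login + 31 * DAY));       // idle too long
```

With express-session, the idle part corresponds to `cookie.maxAge` combined with `rolling: true`; the absolute cap and the re-authentication window have to be tracked in the session data, as done here.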
