Ideal session timeout (good practices)

Hey, guys!

This question is about good practices. I know that the OutSystems standard session timeout is 20 minutes. But I'd like to know what the ideal session timeout is. Is it the 20 minutes? Is setting more than that a bad practice?

Thanks in advance.

Best regards,



Hello Eduardo,

My 2 cents and a really short answer would be - you go with the default value unless the End User/Product Owner/Security & Compliance department specifically requires it to be something different.

To make it a bit longer - "The session expiration timeout values must be set accordingly with the purpose and nature of the web application, and balance security and usability, so that the user can comfortably complete the operations within the web application without his session frequently expiring... Common idle timeouts ranges are 2-5 minutes for high-value applications and 15-30 minutes for low risk applications" (Source: )



Hi, @=AJ= !

Thanks again for the help!

Best regards,

