The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Your session has timed out

Don't you just hate it when you're browsing a site, and you take a break from the computer, then when you return and click a link you get a message "your session has timed out"?  I'm not talking about sites where you've logged in and/or started adding things to a shopping cart or anything else that would generally require a session.  I'm just talking about plain browsing a site.

With some of them you are forced to return to the top-level home page before you can establish a new session, forcing you to click-wait-click-wait-click-wait again to reach where you wanted.

If they have to maintain a session, why can't they just automatically start a new one behind the scenes if the page to which I am going doesn't require any data from previous interactions in the session?  This kind of frustration has made sites like that lose sales from me.
T. Norman
Saturday, January 08, 2005
Well it takes a few hundred bytes of state information during a session and by logging you out automatically after 10 minutes, they can reclaim that precious memory.
Dennis Atkins
Saturday, January 08, 2005
I can understand the security aspect of the sites, but I wish they'd (a) let me designate that I'm on my home PC and don't need to log in, and (b) remember where I left off, as you described.

It reminds me of Alan Cooper's comment that we don't really need confirmation dialogs; we use them because they're easier to program than undo functions.  I'd guess it's the same situation here; they see a need for security but not for convenience.

Actually I just sent something to NetLibrary (some of our local libraries use them) the other day asking for something similar, to keep me logged in on my home PC and not to log me out after a few minutes of inactivity.  (I use programming books on there, and I often switch over for a few minutes to test some code, then switch back to find I've been logged out.)

I would expect this is a squeaky-wheel-gets-the-grease situation.
Kyralessa Send private email
Saturday, January 08, 2005
"Well it takes a few hundred bytes of state information during a session and by logging you out automatically after 10 minutes, they can reclaim that precious memory."

You missed the point.  Timing out the session is not the problem.  Unnecessarily bringing you to an error page is the problem.

Passive browsing should not require a session, and if they choose to use sessions for that, the system should be smart enough to smoothly activate a new session and bring the user to the requested page without an error.
T. Norman
Saturday, January 08, 2005
Most session systems do what you want Norman so these people have actually gone out of their way to make it weird!  Most likely, they have error page in there for logged in users but all users (sloppy coding) get the error.
Almost Anonymous Send private email
Saturday, January 08, 2005
A very large site (one I guarantee you've seen) I may be or may have been responsible for had that very issue on many pages.  A lot of information was stored in the session and used for things as simple as various navigation aspects.  Nothing was GET, everything was POST, but if something could be stored in the session to avoid a subsequent POST, it was.

Like search.  If someone entered a search term resulting in a multi-page response, the search terms were stored in the session.  Page offsets were POSTed, and the appropriate search was re-executed with a cursor returned for the appropriate page display.

If the customer wanted to compare two of the items in the search results, opened a new browser, and read specs for a variable amount of time (session timeout manually tuned based on server load), it was quite possible to come back to the site and lack the simplest state, even to go to the next or previous page in search results.

In that situation, they really didn't have an option other than to put up a page saying,"Your session timed out.  This is all your fault!" and redirect the user to the home page.

What was amazing was that a bug was filed to create that warning page, rather than actually fix the problem by adding all the parameters to the search request, and make the search request a GET so people could actually bookmark search results.
Anon for this one
Saturday, January 08, 2005
I absolutely hate this.  I really have to wonder what's going on in the heads of the developers who'd design a site like that and the management of a company that would accept it.

The one offender that has annoyed me the most with this is  Their URLs are huge and, besides the session ID, contain full information on the category you're browsing, the product you're looking at, etc. yet they insist on sending you to an error page if you walk away from your PC for a few minutes.  They make things even worse by having every link be a javascript link so if you're on a page and want to open a few different products in new windows, you're out of luck.  They've lost so many sales from me because of these things and I doubt I'm the only one.
SomeBody Send private email
Monday, January 10, 2005
Another silly thing which burdens the user and is also attributed to programmer/manager incompetence is when they ask you for something like a credit card number or SSN and tell you not to enter any dashes or spaces.  It's like they don't know how to write a simple function that strips out the dashes and spaces.
Monday, January 10, 2005
Close to home.
Marketing dept. bought a CMS system like that. Forced sessions, with no use for those sessions.

Neither Marketing Dept. nor the CMS company can explain the need. Both also don't understand the issues that it may cause for our customers.
lowley employee
Monday, January 10, 2005
Amazon -- a company I have a large amount of respect for, design-wise -- has one of those niggling little "untelligent script" problems, too.  Try putting in a postal code without a space, and it flips out at you.  Further, it tells you your postal code isn't correct.  Which is flat-out wrong.  My code is correct, it's YOUR code that's wrong.

If this was some dinky eCommerce site, I really wouldn't care, but for chrissakes, this is Amazon!  They do so many other user-interface things so AMAZINGLY right, I just have a hard time thinking they'd let this slip by.

...It's like Google having transition ads.  You put up with it from Gamespy, but Google?  "Nahhhh.  I must be seeing things.  Time for bed."
Dan Hulton Send private email
Tuesday, January 11, 2005

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz