undefined | Better HN

0 pointscactus20934y ago0 comments

But should all sites really be optimized for the user at a public library computer? At the expense of convenience for the large majority of users that are on a personal or work computer? Doesn’t make much sense to me.

Also the computer itself solves this problem for you in many cases, a guest profile typically deletes all browser session info when you log out.

0 comments

alistairSH4y ago

All sites? Probably not.

Many sites? Probably.

You're assuming people log out reliably or otherwise behave in the most secure way. They don't.

I also don't see how logging out/killing a session after 15 minutes of inactivity is much of a hardship for the user.

fauigerzigerk4y ago

I hate _all_ sites that do this and I actively avoid them. There are many very good reasons why I might not be able to complete a form without interruption. It's not for them second guess me.

And it's not just extremely annoying, it's also completely unnecessary. Just put a "trust this browser" checkbox on the sign-in page and adjust the session timeout accordingly.

alistairSH4y ago

Just put a "trust this browser" checkbox on the sign-in page and adjust the session timeout accordingly.

That works. It defaults to the "safe" behavior, but allows users to self-select into other behavior that they find less objectionable.

FWIW, my end-users are using public computer labs, so we have to build for the worst-case in terms of user security habits.

j / k navigate · click thread line to collapse

0 pointscactus20934y ago0 comments

Also the computer itself solves this problem for you in many cases, a guest profile typically deletes all browser session info when you log out.

0 comments

alistairSH4y ago

All sites? Probably not.

Many sites? Probably.

You're assuming people log out reliably or otherwise behave in the most secure way. They don't.

I also don't see how logging out/killing a session after 15 minutes of inactivity is much of a hardship for the user.

fauigerzigerk4y ago

I hate _all_ sites that do this and I actively avoid them. There are many very good reasons why I might not be able to complete a form without interruption. It's not for them second guess me.

And it's not just extremely annoying, it's also completely unnecessary. Just put a "trust this browser" checkbox on the sign-in page and adjust the session timeout accordingly.

alistairSH4y ago

Just put a "trust this browser" checkbox on the sign-in page and adjust the session timeout accordingly.

That works. It defaults to the "safe" behavior, but allows users to self-select into other behavior that they find less objectionable.

FWIW, my end-users are using public computer labs, so we have to build for the worst-case in terms of user security habits.

j / k navigate · click thread line to collapse