Gertjan > I'd personally set the >timeout to an absolute minimum, and save the session data somewhere >safe on session timeout (stored with the session ID). You can then >automatically log the user back on if a timed-out session reappears >(restoring the session data to %session).
Nice idea if you have a set of very simple pages and/or the data does not change and I did consider this but there are a number of issues a) the data stored in the session temp store (my proxy classes) may be out of date (stale) or otherwise invalid cos another user/session has changed the persistent data b) in complex series of pages making up a single transaction you have to store all pages and jump back in the middle c) How do you cope with the user opening a new session window deliberatly - they would not want to reconnect to the existing session all in all it's much safer in a data intensive app to re-start everything otherwise it's simply too hairy The long time-out works fine - the window stays there keeping state but this is for an Intranet - ie it's just like CHUI terminals would not work - nor would you expect it to work on an extra/inter net - have a short timeout Peter
