Are long sessions bad?

Posted 1 month ago by JBF

Ok, I know that's too general a question. So to expand...

For an e-commerce platform, would it be considered bad practice to have a long session length so that items in the basket or view settings (list or grid, order by, etc.) are stored in between visits?

Obviously, the authentication would be kept to a secure, short time. The default in the Laravel auth config is 3 hours and I would be happy if the user has to re-authenticate every 3 hours to get to protected content.

I've tried to investigate this issue online but I find so many different opinions that I can't decide. For the site I'm working on, I think a 1 month session length would give a good UX experience. But is this too long from a security point of view? Thanks.

