Ok, I know that's too general a question. So to expand...
For an e-commerce platform, would it be considered bad practice to have a long session length so that items in the basket or view settings (list or grid, order by, etc) are stored in between visits?
Obviously, the authentication would be kept to a secure, short time. The default in the Laravel auth config is 3 hours and I would be happy if the user has to re-authenticate every 3 hours to get to protected content.
I've tried to investigate this issue online but I find so many different opinions that I can't decide. For the site I'm working on, I think a 1 month session length would give a good UX experience. But is this too long from a security point of view? Thanks.