increase SESSION_TIMEOUT_CATALOG impact

[solo_400]

Hi Zen friends,

I was reading how to increase session timeout

-- -DrByte suggestion

Just create an /includes/extra_configures/my_ultra_long_session_timeout.php
<?php define('SESSION_TIMEOUT_CATALOG', 1441);

Since I have some sessions time_out everyday, I wish to increase it ( 1 day ? 1 month ? it depends also on my hosting provider? )
Before doing that, I thought: Is there any downside ? Any negative impact on store functionality or for the business ?

thx
ZC 1.5.5

[mc12345678]

If the user that has logged on does not log off and the session has not expired, then the next person on the computer/browser will be able to access the information associated with that user.

Namely PCI compliance is affected, which is the point of the existing constraints. Whether that is needed for the site such as sites that are for example created solely for the display of information.

[solo_400]

Nice, but:

Why Am.z.n let customers come back logged into their account after so long ? I believe for a customer is very handy to not re-login and find their custom main page when go back. Well, for the company is even better many reasons ( user tracking .. etc. )

[carlwhat]

i disagree that increasing catalog timeouts for the catalog, ie customers, affects PCI compliance.

while amazon does allow customers to come back and continue with their session, in my experience, they do require the customer to re-authenticate prior to purchase or viewing order history.

best.

[davewest]

Nice, but:

Why Am.z.n let customers come back logged into their account after so long ?

They use something like 'Remember me' which makes use of a cookie on the user PC to auto login. The account is not left open and times out if the user is not active on site... Remember me is in the plugin section and would be the best way to go and not mess with session time out.