The token could age after user activation ceases i.e. key strokes, mouse movements etc. A short duration session identifier would be less annoying to the user if an active tab would only lose its state an hour after the user had stopped interacting with it. This would also allow a lower default duration.
The token could age after user activation ceases i.e. key strokes, mouse movements etc. A short duration session identifier would be less annoying to the user if an active tab would only lose its state an hour after the user had stopped interacting with it. This would also allow a lower default duration.