Proposed documentation for Session time limits

[EstherChristopher]

Sessions

A session refers to the interactive period during which a user is active on their page. When a user logs into their page, a session is created. However, sessions are not infinite. If the user is inactive for a period exceeding the session time limit, their session will expire.

If the user remains active and interacts with their page for the duration of the defined session time limit, their session will remain valid. Sessions are stateful. This means that information about the user's activities and data is saved while on their page.

Session time limits

Session time limit is the maximum time that a user can be inactive from their page after which they are logged out. This means that you will be logged out after two weeks of inactivity

The set time limit for each user is two weeks, which is expressed in seconds (1209600). A two-week time limit is an appropriate measure to prevent security risks. It helps to minimize the risk of unauthorized access if a user leaves their session unattended on a shared or public computer. It also ensures that user data and access are protected.

A logout notification will be sent if you reach the session time limit, alerting you that you've been logged out. To continue your activities, you can simply sign in to gain access again.

The user’s last work is also automatically saved to prevent data loss if the session expires.

Authoring tools should not impose time limits on authoring sessions, or they should automatically save the work of authors. This is in consideration for authors who may have physical or cognitive disabilities and need more time to complete their authoring tasks.

[laymonage]

Thank you, but sessions in Wagtail are provided and configured through Django's session framework, which can be customised by developers. It is not a Wagtail feature, thus we do not need to document this.

[EstherChristopher]

Ohh, it was provided to me as a Wagtail feature that needs documentation.

[laymonage]

Hmm, I might've missed something as there's also #352. Did Thibaud or someone specifically mentioned somewhere that this needs documentation?

[EstherChristopher]

Yes. First, Thibaud sent it to me. Second, it's also part of the accessibility features that need documentation on this list:https://gist.github.com/thibaudcolas/c48b0b4cf8e7966cd09d22677ab63173#a421-describe-accessibility-features

Also, since the final application is closed now, I can take a more thorough look at it and send in another draft.

[thibaudcolas]

Yes :) Django doesn’t have documentation of things like this for end users as far as I know, so we need it in our docs because it affects Wagtail users. If Django did have docs for this we could reference them with a link but I’d expect it’s simpler for us to just write our own content.

Here are requirements on time limits for future reference: A.3.2: (For the authoring tool user interface) Provide authors with enough time..

[laymonage]

Ah, OK, sorry for the mistake. Thank you both for clearing this up!

[EstherChristopher]

Yes :) Django doesn’t have documentation of things like this for end users as far as I know, so we need it in our docs because it affects Wagtail users. If Django did have docs for this we could reference them with a link but I’d expect it’s simpler for us to just write our own content.

Here are requirements on time limits for future reference: A.3.2: (For the authoring tool user interface) Provide authors with enough time..

Thanks for this resource.

[EstherChristopher]

Ah, OK, sorry for the mistake. Thank you both for clearing this up!

Sure.