For a web-based password-protected site with sensitive information, the user
usually is logged out after a period of inactivity. (In part, this is to
prevent others from seeing/changing the data on their screen, if the user is
on coffee break.) Ideally, the user would be warned before the time-out,
with an option to extend the time.
What are the best practices for this time-out warning?
Note that the user may have multiple browser windows/tabs open (with other
web sites) or may be working in a desktop application. Should they be
interrupted or not? (In this particular application, some users use it
periodically throughout the day, for time-sensitive critical tasks.)
What should the warning's format be? Options include:
- Small popup window (a new browser window). Means users with popups blocked
might not see it.
have open (I think this is referred to as application-modal?)
- "Overlay" modal div layer in the app's web page
- Anything else?
(BTW In this particular application, users are prevented from tabbed
browsing - so they never have multiple windows open for the same app).
And best practices for the layout and wording of the warning?