I am busy with a web app, and (registered) users (may) run into a form they have to fill, and this may take some time...
Probably they will exceed "normal" session lengths, and therefore will be presented with a log-in screen after submitting the form... very frustrating
What would be a good solution? Give them session lengths of, lets say, 20-30 minutes, or give them the opportunity for an auto-login?
Would there be an alternative?
If I make an auto-login, could this be secured or something?
I can just think of :
if no session : check for auto-login cookie, if so login.