What's a good session timeout duration?

Hey everyone, I’m having a chat with some folks internally about what a good session timeout is for a public, online community.
What’s your opinion on this? Shorter for security, longer for ease-of-use, something else?

Is the current default causing problems or are you looking for some?

Are you a bank or a health organization? Are members of your community likely to use public access computers and forget to log off (or not be able to figure out how)? Is someone complaining about having to log in so often? Have you had a single example of someone gaining access to your forum because they stumbled on a logged-in browser? If not, I’d recommend accepting the defaults.


We stand behind our defaults, as we believe those are the appropriate values for most communities.

Lowering the session timeout is only recommended when you community is mostly used by employees/students on shared computers, and you get frequent cases of people posting in each other accounts.


If it’s public then the default one should be fine.


Thanks for your helpful answers, everyone.