By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,913 Members | 1,356 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,913 IT Pros & Developers. It's quick & easy.

How would you respond to a complaint about a timeout issue?

P: 1
Hi,

I've built a web application that has been sold onto dozens of customers in the UK and Ireland. One customer is complaining about a timeout issue, but its their process to blame (the system times out after 15 minutes which gives enough opportunity to fill out a form!) but they've raised a complaint.

How do I explain in clear English that its a security feature, and that it needs to be included to pass a Pen test?
Oct 17 '13 #1
Share this Question
Share on Google+
2 Replies


Nepomuk
Expert 2.5K+
P: 3,112
Hi Sambora and welcome to bytes.com!

I would probably write something like "Dear customer, thank you for your message. The timeout you described is not an error but a security feature; it is assumed that if the form is not completed within 15 minutes it may have been left open by mistake. This could pose a security risk which is why the system will timeout to protect the customers data."

It's not perfect I guess (and it should be adapted to your situation) but I think something of the kind should do.
Oct 18 '13 #2

Frinavale
Expert Mod 5K+
P: 9,731
You could also consider allowing the end user to configure the time out value so that they can pick a time that they deem reasonable (within a max/min constraint that you deem reasonable of course).

I store this type of thing in the web.config file.

-Frinny
Oct 23 '13 #3

Post your reply

Sign in to post your reply or Sign up for a free account.