Why does any e-commerce site ever expire your session when you’re mid-way through?
Is the contents of your basket really such a secret thing that it has to be discarded in case someone else discovers what you like buying?
Are we short of disk space to store saved sessions?
If you’re part-way through the checkout, can’t we just store everything, and get you to re-authenticate yourself by re-entering just a few key details?
Can you imagine the security guards in the clohes store ripping your purchases out of your arms and escorting your out of the premises just because you lingered too long thinging what colour shirt to buy?
Posted by Martin Geddes at 11:55 PMTrackBack URL for this entry:
http://www.telepocalypse.net/cgi-sys/cgiwrap/mgeddes/MT/mt-tb.cgi/574.
I've ranted about this before as well:
http://www.majid.info/mylos/weblog/2004/01/27-1.html
Jakob Nielsen makes the point this leads to massive lost sales:
http://www.useit.com/alertbox/sales_cycle.html
I believe it is because the default session-tracking in application servers like J2EE and .NET is done in memory, and those sessions have to be purged to make room. Saving sessions to a database requires more effort than the out-of-the-box session management, and most web development shops are driven by marketing's desire for shiny bells and whistles rather than more substantial, but less visible usability features.
I at least got a benefit out of a timeout recently - BMI's checkout expired while I was booking a flight to edinburgh, and when I restarted the process a few minutes later my outbound flight had become £10 cheaper.
Posted by: at September 28, 2005 10:49 AM