[226] in Release_7.7_team


Re: dash logout

daemon@ATHENA.MIT.EDU (cfields@MIT.EDU)
Thu Dec 8 16:49:15 1994

From: cfields@MIT.EDU
Date: Thu, 8 Dec 1994 16:48:32 +0500
To: suggest@MIT.EDU
Cc: release-team@MIT.EDU, jjmorey@MIT.EDU

> How about making it assume a default answer of "yes" if there is no
> keyboard/mouse activity for two minutes (or five minutes, or ten
> minutes) after that message appears?

I've been investigating this. It looks like, briefly (in 6.3A, or
never) this sort of thing did exist as a default. Above the "Do you
want to log out" question was a thirty second countdown timer
indicating the time until you would be logged out if you didn't do
anything.

The question is, why wasn't this actually used in the release by
default?

Richard thinks it's because users would see that they'd get logged
out soon anyway, and so didn't bother to click "yes." So then when
they'd walk away, someone could run up and click "no" and have access
to the user's account. In short, it encouraged people to walk away.

But if it's not made obvious that they will automatically be logged
out, users may click logout and continue doing something else and
then be surprised when they are logged out. Arguably, there's no need
for the user to operate this way, and they wouldn't do it more than
once. Still it should be documented at least.

Another possibility that Bruce came up with was to have the "automatic
logout" happen in two stages. First, after something like 30 seconds,
destroy the user's authentication. At this state the user could still
click "no" and recover their session with a "renew" (which the logout
code could tell them to do). Additionally, should the user walk away
from the workstation, their authentication won't be around very long
at all for someone to grab. Second, after say five minutes, the user
would be logged out.

Now, this proposal doesn't really offer anything over the original 30
second logout, unless you take into account the concern that a user
may be too confused to adequately figure out what to do when presented
with thirty seconds to make a choice. In the original case, they'd get
logged out. With the new idea, they could recover. (This concern is,
I believe, what motivated Bruce to this idea.)

One problem that this proposal has is that, if the user actually gets
logged out by the timeout mechanism, their .logout file will run
without authentication. This is probably not a big deal. The user is
supposed to be clicking yes or no anyway, and all this is merely
trying to protect them should they forget.

If we decide on anything that requires more than just adding a
non-displayed timer, this will probably have to wait until the summer.

Discussion to software-suggestions. 

Craig
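
A small model of the two-stage timeout described in the message above, added here as an illustration; it is not part of the original message or of dash's code. The class and function names are hypothetical, and the 30-second and five-minute values are the ones suggested in the message.

```python
from dataclasses import dataclass, field

AUTH_TIMEOUT = 30     # stage 1: "something like 30 seconds" (from the message)
LOGOUT_TIMEOUT = 300  # stage 2: "say five minutes" (from the message)

@dataclass
class LogoutPrompt:
    """Hypothetical model of the logout dialog with the two-stage timeout."""
    elapsed: int = 0
    authenticated: bool = True
    logged_in: bool = True
    log: list = field(default_factory=list)

    def tick(self, seconds):
        """Advance the idle clock (no keyboard/mouse activity)."""
        if not self.logged_in:
            return
        self.elapsed += seconds
        if self.authenticated and self.elapsed >= AUTH_TIMEOUT:
            self.authenticated = False
            self.log.append("stage 1: authentication destroyed")
        if self.elapsed >= LOGOUT_TIMEOUT:
            self._logout("stage 2 timeout")

    def answer(self, yes):
        """Handle a click on the dialog and report what the user should see."""
        if not self.logged_in:
            return "already logged out"
        if yes:
            self._logout("user clicked yes")
            return "logged out"
        return "session kept" if self.authenticated else "session kept; run renew"

    def _logout(self, why):
        state = "with" if self.authenticated else "without"
        self.log.append(f"{why}: .logout runs {state} authentication")
        self.logged_in = False

def passerby_gets(idle_seconds):
    """What clicking "no" yields after the user has been away idle_seconds."""
    prompt = LogoutPrompt()
    prompt.tick(idle_seconds)
    if not prompt.logged_in:
        return "nothing"
    prompt.answer(yes=False)
    return "session " + ("with" if prompt.authenticated else "without") + " authentication"

if __name__ == "__main__":
    for t in (10, 60, 300):
        print(t, passerby_gets(t))
```

The model makes the trade-off in the message visible: the window in which an unattended session still carries authentication is 30 seconds, while the window in which the session itself can be resumed is five minutes.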
