I work for a very well-known publishing / corporate site that
attracts a high number of C-level global visitors. Our Security IT
department has has asked us to change our login procedures to
auto-log out user after 30 minutes (like a bank) as opposed to never
auto-expiring a login authentication cookie.
Unlike other online publications, we require a free one-tine login to
view 95% of the article after a preview "snippet" And we have a
high number of repeat visitors to our web site.
1) As anyone experienced the removing auto authentication and its
result to usability on website?
2) Are there any studies out there that talk to the balance of cookie
authentication vs. logging in every time?