I have question and answer for this question below that, give comment about this answer and Feel free to agree or disagree with it (in 2 or 3 short paragaraph) Be detailed in your postings. Please ensure that your postings are civil and constructive.

Question: When would you terminate an active session with the user? Discuss with examples/scenarios.

Answer: I would terminate an active session with a user differently depending on what the purpose of the webapp is. If the web app contains sensitive private information about the user and the session has been inactive I would want to terminate the session much sooner than an inactive session without private information. I think the best example of a app who's active session should be terminated fairly quickly would be a banking application. If a banking application was left alone for just a couple of minutes I would want to terminate the session to prevent anyone nefarious from gaining access to the account. In this scenario I would also want to termiate the session if the page was closed. I would not want the user to be able to return to the session shortly after closing it without reauthenticating for similar reasons. A session could remain open much longer for a site which doesn't necissarily need an account or have an sensitive information. A specific example that comes to mind is a music streaming application. The user will start the session and then leave it idol while it plays music in the background. I would not want to terminate the user's sessions after a couple of minutes of inactivity. This session could potentially be termiated only when the browser closes, or if the user is inactive for a long while and doesn't interact with a "are you still there" prompt.